Gateway Load Balancing Protocol - GLBP
Why do we need First Hop Gateway Redundancy?
LAN users are configured with a default-gateway IP address, which is the IP of their local router. That router acts as a proxy and helps them communicate with remote/distant users. LAN users resolve the MAC address of the gateway router using the Proxy ARP method. If the gateway router fails, the LAN users are affected. This means that specifying a default gateway for LAN users leads to a single point of failure.
Instead of making the LAN users responsible for choosing a new gateway, First Hop Redundancy protocols enable two or more routers to support a shared (virtual) MAC address and answer the ARP queries of LAN users with it. If the primary router fails, the backup router assumes control of traffic forwarded to that MAC.
Protocols that provide First Hop Gateway redundancy
- HSRP (Hot Standby Router Protocol)
- VRRP (Virtual Router Redundancy Protocol)
- GLBP (Gateway Load Balancing Protocol)
How does Gateway Load Balancing Protocol (GLBP) work?
To understand how GLBP works, let us first look at the difference between GLBP and HSRP or VRRP. In HSRP and VRRP, only the primary gateway router forwards traffic towards the WAN link. The backup routers only start forwarding traffic when the primary router fails.
Although both gateways can be made to forward traffic by using different groups, this is a workaround and requires manual configuration.
GLBP has an advantage over HSRP and VRRP: it enables up to 4 gateway routers to be used simultaneously for sending traffic over WAN links, making efficient use of bandwidth by load-balancing the traffic over multiple WAN links.
Gateway Load Balancing Protocol (GLBP) - Useful Points
- GLBP is a Cisco-proprietary protocol developed to provide redundancy to LAN Users at the Network layer.
- Using GLBP, the gateway routers or Multi-Layer switches (MLS) are configured to behave as multiple gateways (with a single Virtual IP and different Virtual MAC addresses) to the LAN users.
- GLBP works on top of UDP (port 3222) i.e. at the Application layer.
- GLBP gateways/routers/Multi-layer Switches send hello messages on Multicast address 224.0.0.102.
- The gateway routers/MLS for a given gateway address (Virtual IP) are made members of a common GLBP group.
- LAN users are configured with the Virtual IP (also called Phantom IP) of the Gateway running HSRP.
- The router with the highest priority value, or the highest IP address (if priority is a tie), in the group becomes the Active Virtual Gateway (AVG). The AVG answers all ARP requests for the virtual router address from the users. Which virtual MAC address is returned to an ARP query depends on the load-balancing algorithm.
- One task of AVG is to assign the necessary virtual MAC addresses to each of the routers participating in the GLBP group. Up to four virtual MAC addresses can be used in any group. Each of these routers is referred to as an Active Virtual Forwarder (AVF), forwarding traffic received on its virtual MAC address. Other routers in the group serve as backup or secondary virtual forwarders, in case the AVF fails. The AVG also assigns secondary roles.
- GLBP group numbers range from 0 to 1023. This means you can use up to a maximum of 1024 groups per physical interface.
- The router priority can be 1 to 255 (255 is highest), and 100 is the default value.
- Like HSRP, preemption is not enabled by default in GLBP. We have to manually enable preemption.
- The load sharing is done in one of three ways:
  - Weighted: Traffic is balanced proportional to a configured weight.
  - Host-dependent: A given host always uses the same router.
  - Round-robin: Each router MAC is used to respond to ARP requests in turn. It is the default mechanism.
GLBP - Sample Lab and Commands
R1 is the Active AVG (Priority 120) and R2 is the Standby AVG router (Priority 110). If R1 fails, R2 will take the role of AVG. R1, R2, and R3 will also act as AVFs to forward the traffic to the remote WAN router R7 (7.7.7.7).
R1#show run int f0/0
interface FastEthernet0/0
ip address 10.10.123.11 255.255.255.0
ip ospf 10 area 0
glbp 20 ip 10.10.123.1
glbp 20 priority 120
glbp 20 preempt delay minimum 20
glbp 20 authentication md5 key-string cisco
glbp 20 weighting track 10 decrement 30 >> Will decrement weight based on Track status.
end
The AVFs will show in Listen state.
R1#show glbp
FastEthernet0/0 - Group 20
State is Active
2 state changes, last state change 00:37:19
Virtual IP address is 10.10.123.1
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.308 secs
Redirect time 600 sec, forwarder timeout 14400 sec
Authentication MD5, key-string "cisco"
Preemption enabled, min delay 20 sec
Active is local
Standby is 10.10.123.12, priority 110 (expires in 7.536 sec) >> Standby AVG
Priority 120 (configured)
Weighting 100 (default 100), thresholds: lower 1, upper 100
Track object 10 state Up decrement 30
Load balancing: round-robin >>>>>> Load balancing Method
Group members:
c20a.29bc.0000 (10.10.123.11) local >>>>>>> R1's HW MAC
c20b.2a14.0000 (10.10.123.12) authenticated >>>>>>> R2's HW MAC
c20c.09d8.0000 (10.10.123.13) authenticated >>>>>>> R3's HW MAC
There are 3 forwarders (1 active)
Forwarder 1
State is Listen
4 state changes, last state change 00:05:19
MAC address is 0007.b400.1401 (learnt) >>>>>> Virtual MAC
Owner ID is c20c.09d8.0000
Redirection enabled, 597.376 sec remaining (maximum 600 sec)
Time to live: 14397.376 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 10.10.123.13 (primary), weighting 100 (expires in 7.372 sec)
Client selection count: 4
Forwarder 2
State is Listen
4 state changes, last state change 00:18:04
MAC address is 0007.b400.1402 (learnt) >>>>>> Virtual MAC
Owner ID is c20b.2a14.0000
Redirection enabled, 599.268 sec remaining (maximum 600 sec)
Time to live: 14399.264 sec (maximum 14400 sec)
Preemption enabled, min delay 30 sec
Active is 10.10.123.12 (primary), weighting 100 (expires in 9.260 sec)
Client selection count: 4
Forwarder 3
State is Active
1 state change, last state change 00:50:11
MAC address is 0007.b400.1403 (default) >>>>>> Virtual MAC
Owner ID is c20a.29bc.0000
Redirection enabled
Preemption enabled, min delay 30 sec
Active is local, weighting 100
Client selection count: 4
R1# show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/0 20 - 120 Active 10.10.123.1 local 10.10.123.12
Fa0/0 20 1 - Listen 0007.b400.1401 10.10.123.13 -
Fa0/0 20 2 - Listen 0007.b400.1402 10.10.123.12 -
Fa0/0 20 3 - Active 0007.b400.1403 local -
R2#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/0 20 - 110 Standby 10.10.123.1 10.10.123.11 local
Fa0/0 20 1 - Listen 0007.b400.1401 10.10.123.13 -
Fa0/0 20 2 - Active 0007.b400.1402 local -
Fa0/0 20 3 - Listen 0007.b400.1403 10.10.123.11 -
R3#show glbp brief
Interface Grp Fwd Pri State Address Active router Standby router
Fa0/0 20 - 100 Listen 10.10.123.1 10.10.123.11 10.10.123.12
Fa0/0 20 1 - Active 0007.b400.1401 local -
Fa0/0 20 2 - Listen 0007.b400.1402 10.10.123.12 -
Fa0/0 20 3 - Listen 0007.b400.1403 10.10.123.11 -
The switch forwards the traffic (towards the WAN) to R1, R2, and R3 based on the different Virtual MAC addresses learned via different interfaces.
Switch#show mac vlan 1
Destination Address Address Type VLAN Destination Port
------------------- ------------ ---- -----------------------------------
c206.27f0.0000 Self 1 Vlan1
ca08.0ad8.0000 Dynamic 1 FastEthernet1/5
ca04.16b0.0000 Dynamic 1 FastEthernet1/0
ca05.2a88.0000 Dynamic 1 FastEthernet1/1
0007.b400.1401 Dynamic 1 FastEthernet1/4
0007.b400.1402 Dynamic 1 FastEthernet1/3
0007.b400.1403 Dynamic 1 FastEthernet1/2
c20a.29bc.0000 Dynamic 1 FastEthernet1/2
c20b.2a14.0000 Dynamic 1 FastEthernet1/3
c20c.09d8.0000 Dynamic 1 FastEthernet1/4
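Added example (not part of the original article): because each virtual MAC should be learned on the same switch port as the hardware MAC of the router that owns it, the two outputs above can be cross-checked to spot a virtual MAC that has moved to an unexpected port or a forwarder MAC the group does not report. The function names are hypothetical, and the 0007.b400.14 prefix for group 20 is an assumption read off the lab output.

```python
import re

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"

# Excerpt of R1's "show glbp" forwarder sections, copied from the lab output.
SHOW_GLBP = """\
Forwarder 1
 MAC address is 0007.b400.1401 (learnt)
 Owner ID is c20c.09d8.0000
Forwarder 2
 MAC address is 0007.b400.1402 (learnt)
 Owner ID is c20b.2a14.0000
Forwarder 3
 MAC address is 0007.b400.1403 (default)
 Owner ID is c20a.29bc.0000
"""

# Rows of the switch's "show mac vlan 1" table, copied from the lab output.
SHOW_MAC = """\
0007.b400.1401 Dynamic 1 FastEthernet1/4
0007.b400.1402 Dynamic 1 FastEthernet1/3
0007.b400.1403 Dynamic 1 FastEthernet1/2
c20a.29bc.0000 Dynamic 1 FastEthernet1/2
c20b.2a14.0000 Dynamic 1 FastEthernet1/3
c20c.09d8.0000 Dynamic 1 FastEthernet1/4
"""

def parse_forwarders(text):
    """Map each virtual MAC to the hardware MAC (Owner ID) of its forwarder."""
    pat = rf"MAC address is ({MAC})[^\n]*\n\s*Owner ID is ({MAC})"
    return dict(re.findall(pat, text))

def parse_mac_table(text):
    """Map each MAC address to the switch port it was learned on."""
    pat = rf"^({MAC})\s+\S+\s+\d+\s+(\S+)[ \t]*$"
    return dict(re.findall(pat, text, re.M))

def audit(glbp_text, mac_text, vmac_prefix="0007.b400.14"):  # prefix is assumed
    """List disagreements between the GLBP group and the switch MAC table."""
    owners, ports = parse_forwarders(glbp_text), parse_mac_table(mac_text)
    findings = []
    for vmac, owner in owners.items():
        if vmac in ports and owner in ports and ports[vmac] != ports[owner]:
            findings.append(f"{vmac} on {ports[vmac]}, owner {owner} on {ports[owner]}")
    for mac, port in ports.items():
        if mac.startswith(vmac_prefix) and mac not in owners:
            findings.append(f"{mac} on {port} is not a forwarder reported by the group")
    return findings

print(audit(SHOW_GLBP, SHOW_MAC))
```

On the lab output the audit returns no findings; a non-empty list is a prompt to check which device is answering for that virtual MAC.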
Traffic forwarded by all three AVFs (R1, R2, and R3) on their WAN links:
R1#show int f0/1 | i rate
Queueing strategy: fifo
5 minute input rate 52000 bits/sec, 8 packets/sec
5 minute output rate 53000 bits/sec, 8 packets/sec
R2#show int s0/0 | i rate
Queueing strategy: weighted fair
5 minute input rate 109000 bits/sec, 16 packets/sec
5 minute output rate 106000 bits/sec, 15 packets/sec
R3#show int s0/0 | i rate
Queueing strategy: weighted fair
5 minute input rate 148000 bits/sec, 16 packets/sec
5 minute output rate 147000 bits/sec, 15 packets/sec
All hosts are learning different virtual MACs for the same Gateway IP (10.10.123.1).
Host4#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.123.1 38 0007.b400.1401 ARPA FastEthernet0/0
Internet 10.10.123.4 - ca04.16b0.0000 ARPA FastEthernet0/0
Host5#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.123.1 40 0007.b400.1402 ARPA FastEthernet0/0
Internet 10.10.123.5 - ca05.2a88.0000 ARPA FastEthernet0/0
Host6#show arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.123.1 41 0007.b400.1403 ARPA FastEthernet0/0
Internet 10.10.123.6 - ca08.0ad8.0000 ARPA FastEthernet0/0
GLBP - Some more commands
R1(config-if)# glbp group load-balancing [round-robin | weighted | host-dependent]
R1(config-if)# glbp group weighting maximum [lower lower] [upper upper]
The maximum weight can range from 1 to 254 (default 100). The upper (default maximum) and
lower (default 1) thresholds define when the router can and cannot be the AVF, respectively.
Hello and hold (or dead) timers can be configured for each interface with the command:
R1(config-if)# glbp group-number timers [msec] hello-time [msec] hold-time
Values are in seconds unless the msec keyword is used.