This topic is to discuss the following lesson:
Can you run virtual gateway redundancy (HSRP, VRRP, GLBP) over access – to – distribution lines that are running etherchannel as well?
Jason,
This depends on how the access layer connects to the distribution layer. A single Etherchannel is not supported between one physical switch and two different physical switches (unless those two switches using Stackwise, VSS, or vPC). By this, I meaning the following is NOT allowed:
---------Distribution SW1
Access ---- Etherchannel --------VRRP
---------Distribution SW2
You can, however, have Etherchanel across two links that connect two switches together. So, in the case below, Access SW1 is using multiple physical links bundled as Etherchannel to Dist SW1 and another set of multiple physical links bundled to Dist SW2.
Access SW1---Etherchannel #1-----Dist SW1
--------VRRP
Access SW1---Etherchannel #2-----Dist SW2
In this case, you could setup HSRP/VRRP/GLBP between Dist SW1 and SW2 for gateway redundancy (assuming the Dist switches support layer 3).
If you could choose, which gateway redundancy protocol & version would you choose and why? Personally, It sounds like GLBP is the best because it combines the redundancy that HSRP & VRRP provide, while providing actual load-balancing. Oddly, I’ve read/seen HSRP used much more frequently than GLBP; do you think this is simply because more people are familiar with HSRP/ Cisco pushes it harder or is there a legitimate design reason?
-Bartley
Hello Bartley
Both HSRP and GLBP are Cisco proprietary protocols while VRRP is an IEEE standard. From my experience, VRRP should only be used when configuring gateway redundancy with other vendors’ equipment. Compared to HSRP and GLBP, it has no load balancing capabilities.
When using Cisco IOS devices, HSRP does not support load balancing while GLBP does, as you correctly state. However, for Nexus devices, HSRP does automatically perform load balancing across multiple gateways. So from a functional standpoint, GLBP should be used with IOS devices, and either HSRP or GLBP should be used with Nexus devices.
Now why is HSRP more popular? Probably because it was introduced first, and everyone knows it, and may not want to learn the newer protocol. It also seams that until recently, Cisco has include HSRP in its certifications much more than GLBP, but I’m not sure why. I don’t think there’s a legitimate design reason however.
I hope this has been helpful!
Laz
3 Likes
I have an issue where I have a vlan in 2 DC but the Default gateway for both is in one DC. There is an issue when large amounts of data need to reach DG.I am trying to isolate bot DC so the default gateway for both Vlans is localized and does not traverse the OTV, this giving us 1 DG at one data cents and 1DG and 2DC
DC1
vlan 680
ip add 10.60.81.248/23
hsrp 60
ip 10.60.81.250
Dc2
vlan 680
ip add 10.60.81.249/23
hsrp 68
ip 10.60.81.250
Hello Michael
I’m not sure I have completely understood your topology. You have two datacentres, that both have VLAN 680, and you are running HSRP between two devices that are physically located in different DCs. This is possible using OTV, but this results in one of the two devices being elected as the physical gateay, so when you have a lot of traffic, it is oversubscribing your OTV connection between them. Does that sound about right?
What you must do is to filter FHRP messages across the logical overlay. This filtering is required to allow for the existence of the same default gateway in different locations and optimize
the outbound traffic flows so that the OTV is not used to reach a remote gateway. In order to do this, you must enabling FHRP filtering so that each DC will use the local gateway (with the same virtual IP and MAC addresses).
You can find out more information about this on Pages 6 and 7 of the following OTV best practices guide.
Just one note, I notice that your HSRP numbers in the configurations you shared are different. Those should be the same, but I assume that was a typo.
I hope this has been helpful!
Laz
Hi,
i see in the lessons examples you only give one subnet, what it your campus/network/lan has multiple subnets?
Hello Walter
In the case where you have many subnets, you would have multiple SVIs within each of the L3 switches, acting as the default gateways. For each one of these SVIs you would configure gateway redundancy such that you create a virtual gateway for each subnet/VLAN. Take a look at the following diagram:
Here you have 10 VLANs/subnets all of which have SVIs in both devices. You configure 10 virtual gateways, one for each VLAN/subnet. In such a scenario, you would typically make one of the switches the active for half of the VLANs, and the other switch active for the other half. This way, the traffic load can be shared across the switches. This is especially useful with HSRP which does not perform automatic load balancing.
In the above diagram, SW1 is the active gateway for VLANs 10 to 50, while SW2 is the active gateway for VLANS 60 to 100. In the event that one switch fails, the other will take over for all VLANs.
For GLBP, this separation of VLANs is not necessary as it can perform load balancing automatically across both switches for each individual VLAN.
In order to understand this more fully, I suggest you perform the labs in the following lessons, which should clarify this mechanism.
I hope this has been helpful!
Laz
2 Likes
Hi
What is FHRP (First-hop-redundancy-Protocol)?
Is it a synonym of HSRP ?
Thanks
Hello Giovanni
FHRP is a generic term that refers to all protocols that deliver first-hop redundancy. It is not a protocol itself, but it is sometimes used to refer to the category of protocols that deliver this service. These include HSRP, VRRP, and GLBP.
I hope this has been helpful!
Laz
1 Like