VRRP (Virtual Router Redundancy Protocol)

Hello Boris

Yes, this is a typo, thank you. I’ll let @ReneMolenaar know…

Thanks again!

Laz

Hi,

How can I prevent an effect like this picture?

Thanks

Hello Giovanni

The trombone effect is something that we see with first hop redundancy protocols such as HSRP and VRRP when you distribute layer 2 across multiple datacenters in remote locations. As in the example you shared, this effect results in suboptimal switching of traffic. The solution to this is the use of FHRP isolation which is applied in Cisco’s Overlay Transport Virtualisation (OTV) infrastructure.

FHRP isolation allows for the containment of the election process within each site so that a local device is always elected as the active device.

The following Cisco community post summarizes FHRP isolation and how it works to resolve this problem:


I hope this has been helpful!

Laz

Is preemption in VRRP enabled by default, compared to HSRP? I saw that preemption shows as enabled once the VRRP command is implemented.

Another question: does preemption in VRRP work the same way as in HSRP? The switch with the highest priority will become the master device immediately.

Hello Po

In HSRP, preemption is disabled by default. However, in VRRP, preemption is enabled by default. Preemption works the same way in VRRP as it does in HSRP. The device with the highest priority will immediately take the role of the Active or Master device.

I hope this has been helpful!

Laz

Thank you Laz. I got it now

Hi Laz,

Could you explore here how load balancing is being performed, meaning how traffic will be passed through, and when it will go through SW1 and when through SW2?

Hello Pradyumna

VRRP does not automatically load balance traffic across all participating routers. Load balancing is achieved by configuring half of the hosts in a subnet to use one default gateway, and the other half to use the other default gateway.

VRRP allows you to create multiple virtual IP addresses. Within each participating router, you can assign different priorities to each virtual IP. So in a scenario where you have R1 and R2, and 192.168.1.3 and 192.168.1.4 as virtual IP addresses, you can configure the following:

  • R1 configured with 192.168.1.3 with a higher priority
  • R2 configured with 192.168.1.4 with a higher priority

Then, in your subnet, you can assign 192.168.1.3 as the default gateway of half of your hosts, and 192.168.1.4 for the other half. If one of the routers fails, it adopts both virtual IP addresses so all hosts can still function.

So to summarise, with VRRP you don’t load balance traffic, but you load balance hosts. In order to perform real automatic load balancing it is preferable to employ Gateway Load Balancing Protocol (GLBP). You can learn more about this at the following lesson:

I hope this has been helpful!

Laz

Thanks Laz, I almost understand, but I still have a doubt: suppose one of the virtual gateways fails, then all traffic will pass through the active router. Which host's traffic will be prioritized if they are sending traffic simultaneously?

FYI, suppose we have a number of hosts.

Hello Pradyumna

Let’s say you have two gateways, R1 and R2, and let’s say their virtual IP addresses are 192.168.1.3 and 192.168.1.4. Let’s say you’ve configured them in the following way:

  • R1 configured with 192.168.1.3 with a higher priority and 192.168.1.4 with a lower priority
  • R2 configured with 192.168.1.4 with a higher priority and 192.168.1.3 with a lower priority

Let’s also say that you have 100 hosts in this subnet, and 50 of them use 192.168.1.3 as the default gateway and the other fifty use 192.168.1.4.

Under normal circumstances, half of the hosts send their default gateway traffic to R1, and the other half to R2.

Now let’s say R2 fails. What happens? R1 obtains both virtual addresses. This means that traffic from all 100 hosts will go to R1.

Note here that the priority set up in the routers does not have to do with the prioritization of traffic, but simply with which virtual IP address will be adopted by each device. If R2 fails, R1 obtains both virtual IP addresses, and simply functions as the single gateway for all hosts. Traffic is served on a first-come, first-served basis.

I hope this has been helpful!

Laz
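
Added example (not part of the thread or the lesson): a small Python model of the two-group setup described in the reply above, showing how the 100 hosts are spread across R1 and R2 in normal operation, after R2 fails, and after R2 returns with preemption on or off. The priority values 150 and 100 and all function names are assumptions made for illustration; tie-breaking between equal priorities is not modelled.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Router:
    name: str
    priorities: dict          # VRRP group number -> configured priority
    up: bool = True

@dataclass
class Group:
    number: int
    virtual_ip: str
    master: Optional[str] = None   # name of the router currently master

def elect(groups, routers, preempt=True):
    """Re-run the election per group; return {virtual_ip: master name}."""
    alive = {r.name: r for r in routers if r.up}
    for g in groups:
        candidates = [r for r in alive.values() if g.number in r.priorities]
        if not candidates:
            g.master = None
            continue
        # Without preemption a live master keeps its role even if a
        # higher-priority router has come back.
        if g.master in alive and not preempt:
            continue
        g.master = max(candidates, key=lambda r: r.priorities[g.number]).name
    return {g.virtual_ip: g.master for g in groups}

def hosts_per_router(masters, host_gateways):
    """Count how many hosts each router serves, given each host's gateway."""
    load = {}
    for gateway in host_gateways:
        load[masters[gateway]] = load.get(masters[gateway], 0) + 1
    return load

def scenario(preempt=True):
    # Constructed values: 150 = preferred router, 100 = the other one.
    r1 = Router("R1", {1: 150, 2: 100})
    r2 = Router("R2", {1: 100, 2: 150})
    routers = [r1, r2]
    groups = [Group(1, "192.168.1.3"), Group(2, "192.168.1.4")]
    hosts = ["192.168.1.3"] * 50 + ["192.168.1.4"] * 50
    result = {"normal": hosts_per_router(elect(groups, routers, preempt), hosts)}
    r2.up = False   # R2 fails: R1 takes over both virtual IP addresses
    result["r2_failed"] = hosts_per_router(elect(groups, routers, preempt), hosts)
    r2.up = True    # R2 recovers
    result["r2_back"] = hosts_per_router(elect(groups, routers, preempt), hosts)
    return result

if __name__ == "__main__":
    print(scenario(preempt=True))
    print(scenario(preempt=False))
```

With preemption off, R1 keeps serving all 100 hosts after R2 comes back, which is why the default matters for this host-based load sharing.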

Can you tell me how 2 switches can exchange information about priority between themselves?
I saw that there is not any information about backup switches.

And also, what happens if every switch sets itself as the master switch?

And also… what happens if the VRRP ID is the same on any VLAN configuration, even with different subnets?

Thanks as always

Hello Giovanni

Take a look at the diagram from the lesson:


When configured correctly with VRRP, SW1 and SW2 will communicate with each other over the link with SW3. If you configure ports Fa0/17 and Fa0/19 of SW1 and SW2 respectively, you would have something like this:

SW1(config)#interface fa0/17
SW1(config-if)#vrrp 1 ip 192.168.1.3
SW1(config-if)#vrrp 1 priority 150

SW2(config-if)#interface fa0/19
SW2(config-if)#vrrp 1 ip 192.168.1.3

It is the vrrp 1 priority command that specifies the priority of the particular virtual IP. The number 1 indicates the VRRP group. In this case, SW1 has priority for that virtual IP so it becomes the master gateway.

So it is the priority that makes a gateway become the master or the backup.

If the switches communicate correctly over VRRP, this will never happen. One of the two will become master, and the other will be backup. This is determined by the priority. If the priority is the same, then the router that owns the IP address (the address is configured on its physical interface) will become master.

Not sure what you mean by VRRP ID… can you clarify?

I hope this has been helpful!

Laz

I mean the VRRP group, can I configure the same vrrp group with different vlans and different subnets?

Hello Giovanni

I see what you mean… The VRRP group number must be the same on the interfaces that you choose to participate in VRRP. By using the same ID number, you are pairing up those specific interfaces together.

Secondly, the IP addresses of the physical interfaces, as well as the virtual IP address must be in the same subnet. Even if you could configure an IP address in a different subnet, your hosts will be unable to reach that gateway (whether a physical or virtual IP address) in the event of a failure of one of the switches.

I hope this has been helpful!

Laz

I saw that the switch can only configure 255 VRRP groups.

What can I do to configure VRRP in each SVI interface, if I have more than 255 vlans?

INTEGER<1-255> Virtual router identifier

Thanks

Hello Giovanni

Note that the VRRP group number must be unique within the VLAN. So you can use the same VRRP group number in different VLANs so you have no limitation as to the number of VLANs for which you configure VRRP. The purpose of the group number is to be able to assign multiple virtual IP addresses with varying priorities for the purpose of load balancing, as specified in the lesson.

I hope this has been helpful!

Laz

Hello, in the case in which you have more links under the routers on which VRRP is configured, what would the configuration be?

Hello Alex

As in the diagram you shared, you have more links and network infrastructure on the enterprise-facing interfaces (Gi0/1 on both routers). This doesn’t change the VRRP configuration. All the devices found within the network segment with the 200.17.34.0/24 address range will use the virtual VRRP address as the default gateway. Whichever router has priority (Router A in the diagram) will serve as the gateway of all that subnet.

I hope this has been helpful!

Laz

Hi Lagapides,

But the Gi-0/1 interface will not be the only one looking down, I have 4 interfaces on each router, from router A two interfaces to FW-A and two interfaces to FW-B, same for router B.

Should I configure VRRP on the 4 interfaces of each router (Router A, Router B) or how will these cases be handled?

Hello Alex

It all depends on how many subnets are involved. Remember that VRRP is a gateway redundancy protocol. It makes the default gateway of a single specific subnet redundant by allowing multiple routers to serve the gateway. So the way you will configure VRRP depends on how many subnets you have on the inside-facing interfaces of the routers.

In the diagram, I only see one subnet of 200.17.34.0/24. So if you only have this single subnet, and you have four interfaces on each router connecting to this subnet, then you will have to figure out what role these interfaces will play. If the routers are actually Layer 3 switches, it may be worth configuring the links with the FWs as L3 etherchannel connections. Then you could configure VRRP. You would also have to consider how the firewalls would be functioning, as two separate devices or in an Active/Active or Active/Passive redundancy arrangement.

If they’re pure routers, then you will have to create multiple subnets, one for each physical interface and allow routing to provide the redundancy to the connections with the firewalls, and let VRRP provide redundancy only within each subnet.

I hope this has been helpful!

Laz
