Friday, May 23, 2014

CCNP SWITCH: 8. Gateway Load Balancing Protocol (GLBP)

The Gateway Load Balancing Protocol (GLBP) is a Cisco proprietary protocol designed to overcome the limitations of existing redundant router protocols.

To provide a virtual router, multiple switches (routers) are assigned to a common GLBP group.
Instead of having just one active router performing forwarding for the virtual router address, all routers in the group can participate and offer load balancing by forwarding a portion of the overall traffic.

The load balancing is provided completely through the use of virtual router MAC addresses in ARP replies returned to the clients.
As a client sends an ARP request looking for the virtual router address, GLBP sends back an ARP reply with the virtual MAC address of a selected router in the group.

Active Virtual Gateway
One router is elected the active virtual gateway (AVG): the router with the highest priority value or, if the priorities are tied, the highest IP address in the group.
The AVG answers all ARP requests for the virtual router address. Which MAC address it returns depends on which load-balancing algorithm it is configured to use.

The AVG also assigns the necessary virtual MAC addresses to each of the routers participating in the GLBP group.
Up to four virtual MAC addresses can be used in any group.
Each of these routers is referred to as an active virtual forwarder (AVF), forwarding traffic received on its virtual MAC address.

Assigning the GLBP priority to a router:
Switch(config-if)# glbp group priority level

Note: GLBP group numbers range from 0 to 1023. The router priority can be 1 to 255 (255 is the highest priority), defaulting to 100.

Enabling preempting and setting a time delay before preempting begins:
Switch(config-if)# glbp group preempt [delay minimum seconds]

Hello messages are sent between GLBP peers at hellotime intervals, with a default of 3 seconds.
If hellos are not received from a peer within a holdtime, defaulting to 10 seconds, that peer is presumed to have failed.

Adjusting the GLBP timers:
Switch(config-if)# glbp group timers [msec] hellotime [msec] holdtime

Active Virtual Forwarder
Each router participating in the GLBP group can become an AVF, if the AVG assigns it that role, along with a virtual MAC address.
The virtual MAC addresses always have the form 0007.b4xx.xxyy.
The 16-bit value denoted by xx.xx represents six zero bits followed by a 10-bit GLBP group number. The 8-bit yy value is the virtual forwarder number.
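
The address layout described above can be checked mechanically. The following Python sketch is an added example, not code from the original post, and its function names are hypothetical. It builds and decodes GLBP virtual MAC addresses and labels gateway MACs seen in ARP replies, assuming forwarder numbers 1 to 4 as implied by the four-address limit stated earlier.

```python
import re

GLBP_PREFIX = 0x0007B4      # first 24 bits of every GLBP virtual MAC (0007.b4)
MAX_GROUP = 1023            # the group number is a 10-bit value
MAX_FORWARDERS = 4          # the post: up to four virtual MACs per group


def glbp_vmac(group: int, forwarder: int) -> str:
    """Build the virtual MAC 0007.b4xx.xxyy for a group and forwarder number."""
    if not 0 <= group <= MAX_GROUP:
        raise ValueError("group must be 0..1023")
    if not 1 <= forwarder <= MAX_FORWARDERS:
        raise ValueError("forwarder must be 1..4")
    value = (GLBP_PREFIX << 24) | (group << 8) | forwarder
    digits = f"{value:012x}"
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def parse_glbp_vmac(mac: str):
    """Return (group, forwarder) if mac fits the GLBP layout, else None.

    Accepts Cisco dotted (0007.b400.0101), colon and hyphen notation.
    """
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    value = int(digits, 16)
    if value >> 24 != GLBP_PREFIX:
        return None
    middle = (value >> 8) & 0xFFFF      # the 16-bit xx.xx field
    if middle >> 10:                    # its top six bits must be zero
        return None
    return middle, value & 0xFF         # (10-bit group, 8-bit forwarder)


def classify(mac: str, expected_group: int) -> str:
    """Label a gateway MAC seen in an ARP reply for the virtual IP."""
    parsed = parse_glbp_vmac(mac)
    if parsed is None:
        return "not a GLBP virtual MAC"
    group, forwarder = parsed
    if group != expected_group:
        return f"GLBP group {group}, expected {expected_group}"
    if not 1 <= forwarder <= MAX_FORWARDERS:
        return f"forwarder {forwarder} is outside 1..{MAX_FORWARDERS}"
    return f"group {group} forwarder {forwarder}"


if __name__ == "__main__":
    # The first two MACs appear in this lab; the third is constructed, and
    # the fourth is a switch's burned-in address from the lab output.
    for mac in ("0007.b400.0101", "0007.b400.0103",
                "0007.b400.0205", "cc07.13b4.0000"):
        print(mac, "->", classify(mac, expected_group=1))
```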

GLBP Load Balancing

The AVG establishes load balancing by handing out virtual router MAC addresses to clients in a deterministic fashion.

GLBP can use a weighting function to determine which router becomes the AVF for a virtual MAC address in a group.
Each router begins with a maximum weight value (1 to 254).
As specific interfaces go down, the weight is decreased by a configured amount.
GLBP uses thresholds to determine when a router can and cannot be the AVF. If the weight falls below the lower threshold, the router must give up its AVF role. When the weight rises above the upper threshold, the router can resume its AVF role.

Note: By default, a router receives a maximum weight of 100 and a minimum of 1.

Switch(config)# track object-number interface type mod/num {line-protocol | ip routing}
Switch(config-if)# glbp group weighting maximum [lower lower] [upper upper]
Switch(config-if)# glbp group weighting track object-number [decrement value]

You can use one of the following load-balancing methods in a GLBP group:

A. Round robin - Each new ARP request for the virtual router address receives the next available virtual MAC address in reply. Traffic load is distributed evenly across all routers participating as AVFs in the group, assuming that each of the clients sends and receives the same amount of traffic.
This is the default method used by GLBP.

B. Weighted - The GLBP group interface’s weighting value determines the proportion of traffic that should be sent to that AVF. A higher weighting results in more frequent ARP replies containing the virtual MAC address of that router. If interface tracking is not configured, the maximum weighting value configured is used to set the relative proportions among AVFs.

C. Host dependent - Each client that generates an ARP request for the virtual router address always receives the same virtual MAC address in reply. This method is used if the clients have a need for a consistent gateway MAC address.
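
The three methods can be compared with a small model of the AVG's ARP reply selection. This Python sketch is an added example, not code from the original post or from Cisco. The class and function names are hypothetical, and because the post does not describe the IOS internals, the smooth weighted round-robin scheduler and the CRC32 host hash are assumptions chosen only to reproduce the behaviour described above.

```python
import itertools
import zlib
from collections import Counter


class Avg:
    """Toy AVG: picks which forwarder's virtual MAC goes into an ARP reply."""

    def __init__(self, weights, method="round-robin"):
        # weights: {virtual MAC: weighting}, listed in forwarder-number order
        self.weights = dict(weights)
        self.vmacs = list(self.weights)
        self.method = method
        self._cycle = itertools.cycle(self.vmacs)
        self._credit = dict.fromkeys(self.vmacs, 0)

    def arp_reply(self, client_mac: str) -> str:
        if self.method == "round-robin":
            # Each new request gets the next virtual MAC in turn
            return next(self._cycle)
        if self.method == "weighted":
            return self._weighted()
        if self.method == "host-dependent":
            # Assumption: any stable function of the client MAC gives the
            # "same client, same virtual MAC" property; CRC32 is used here
            index = zlib.crc32(client_mac.encode()) % len(self.vmacs)
            return self.vmacs[index]
        raise ValueError(f"unknown method {self.method!r}")

    def _weighted(self) -> str:
        # Assumed scheduler (smooth weighted round robin): every forwarder
        # earns its weight as credit, the one with the most credit answers
        # and pays back the sum of all weights
        total = sum(self.weights.values())
        for vmac, weight in self.weights.items():
            self._credit[vmac] += weight
        chosen = max(self.vmacs, key=self._credit.__getitem__)
        self._credit[chosen] -= total
        return chosen


def distribution(avg, clients, rounds=1):
    """Count replies per virtual MAC when every client ARPs `rounds` times."""
    return Counter(avg.arp_reply(c) for _ in range(rounds) for c in clients)


if __name__ == "__main__":
    vmacs = ["0007.b400.0101", "0007.b400.0102", "0007.b400.0103"]
    clients = [f"host-{i:02d}" for i in range(19)]      # constructed clients
    for method in ("round-robin", "weighted", "host-dependent"):
        # Weightings 200/150/125 are the ones configured later in this lab
        avg = Avg(dict(zip(vmacs, (200, 150, 125))), method)
        print(method, dict(distribution(avg, clients)))
```

With weightings of 200, 150 and 125, the weighted model hands out the three virtual MACs in an 8:6:5 ratio over 19 requests.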

Use the following interface configuration command to define the method:
Switch(config-if)# glbp group load-balancing [round-robin | weighted | host-dependent]

To enable GLBP, you must assign a virtual IP address to the group by using the following interface configuration command:
Switch(config-if)# glbp group ip [ip-address [secondary]]

Note: If the ip-address is not given in the command, it is learned from another router in the group. However, if this router is to be the AVG, you must explicitly configure the IP address.

In our topology, let's consider switches AS2, DS1, DS2 and DS3. The distribution switches will have GLBP configured.

All unused interfaces on AS2, DS1, DS2 and DS3 should be shut down.
All unused switches should be shut down.
PC1, PC2 and PC3 are all connected to AS2 in the topology for this lab.

This is a simplified image of the topology:


PC1, PC2 and PC3 (which are routers) will have IP addresses configured and point to the GLBP group address as default gateway.

PC1#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0      YES manual up                    up    

PC1(config)#ip route

PC2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0      YES manual up                    up    

PC2(config)#ip route

PC3#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0      YES manual up                    up

PC3(config)#ip route

We should first configure the L2 (trunk) links between access and distribution switches.
The DS1-DS2 and DS2-DS3 links will be L3 links.


interface FastEthernet1/3
 switchport mode trunk
interface FastEthernet1/4
 switchport mode trunk
interface FastEthernet1/5
 switchport mode trunk


interface FastEthernet1/4
 switchport mode trunk
interface FastEthernet1/1
 no switchport
 ip address


interface FastEthernet1/3
 switchport mode trunk
interface FastEthernet1/1
 no switchport
 ip address
interface FastEthernet1/2
 no switchport
 ip address


interface FastEthernet1/6
 switchport mode trunk
interface FastEthernet1/2
 no switchport
 ip address

Let's create the VLANs on the access switch and assign the PC ports to the VLANs:

AS2(vlan)#vlan 123
VLAN 123 added:
    Name: VLAN0123
APPLY completed.

AS2(config)#interface range fastEthernet 1/13 - 15
AS2(config-if-range)#switchport mode access
AS2(config-if-range)#switchport access vlan 123

Let's create the same VLAN on the distribution switches:

DS1(vlan)#vlan 123
VLAN 123 added:
    Name: VLAN0123
APPLY completed.

DS2(vlan)#vlan 123
VLAN 123 added:
    Name: VLAN0123
APPLY completed.

DS3(vlan)#vlan 123
VLAN 123 modified:
APPLY completed.

Configuring GLBP on DS1 (will be AVG, Round robin method):

DS1(config)#interface vlan 123
DS1(config-if)#ip address
DS1(config-if)#glbp 1 priority 200
DS1(config-if)#glbp 1 preempt
DS1(config-if)#glbp 1 ip
DS1(config-if)#glbp 1 authentication md5 key-string CCnp
DS1(config-if)#glbp 1 load-balancing round-robin 

Configuring GLBP on DS2 (will be Standby AVG):

DS2(config)#interface vlan 123
DS2(config-if)#ip address
DS2(config-if)#glbp 1 priority 150
DS2(config-if)#glbp 1 preempt
DS2(config-if)#glbp 1 ip
DS2(config-if)#glbp 1 authentication md5 key-string CCnp
DS2(config-if)#glbp 1 load-balancing round-robin

Configuring GLBP on DS3 (will be AVF):

DS3(config)#interface vlan 123
DS3(config-if)#ip address
DS3(config-if)#glbp 1 priority 100
DS3(config-if)#glbp 1 ip
DS3(config-if)#glbp 1 authentication md5 key-string CCnp
DS3(config-if)#glbp 1 load-balancing round-robin

Verifying GLBP - we can confirm our configurations with the following commands:

DS1#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   200 Active     local 
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Active   0007.b400.0102  local           -
Vl123       1    3   -   Listen   0007.b400.0103   -

DS2#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   150 Standby   local
Vl123       1    1   -   Active   0007.b400.0101  local           -
Vl123       1    2   -   Listen   0007.b400.0102   -
Vl123       1    3   -   Listen   0007.b400.0103   -

DS3#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   100 Listen
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Listen   0007.b400.0102   -
Vl123       1    3   -   Active   0007.b400.0103  local           -

Note: Notice that DS1 is shown to be the AVG because it has a dash in the Fwd column and is in the Active state. It also is acting as AVF for virtual forwarder number 2.

Note: Because the GLBP group has three routers, there are three virtual forwarders and virtual MAC addresses.

Note: DS1 is in the Listen state for forwarders number 1 and 3, waiting to be given an active role in case one of those AVFs fails.

Note: DS2 is in the Standby role, waiting to take over in case the AVG fails. It is the AVF for virtual forwarder number 1.

Note: DS3 has the lowest GLBP priority, so it stays in the Listen state, waiting for the active or standby AVG to fail. It is also the AVF for virtual forwarder number 3.
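
The role checks made by eye in the notes above can be automated by comparing the "show glbp brief" view of every switch. This Python sketch is an added example, not part of the original post. The function names are hypothetical, and the sample rows and inventory are constructed with addresses from the 192.0.2.0/24 documentation range, because the lab's real addresses are not present in the output above.

```python
from collections import defaultdict

# Constructed inventory and sample rows in the 'show glbp brief' layout.
INVENTORY = {"DS1": "192.0.2.1", "DS2": "192.0.2.2", "DS3": "192.0.2.3"}
SAMPLE = {
    "DS1": """
Vl123       1    -   200 Active   192.0.2.254     local           192.0.2.2
Vl123       1    1   -   Listen   0007.b400.0101  192.0.2.2       -
Vl123       1    2   -   Active   0007.b400.0102  local           -
Vl123       1    3   -   Listen   0007.b400.0103  192.0.2.3       -""",
    "DS2": """
Vl123       1    -   150 Standby  192.0.2.254     192.0.2.1       local
Vl123       1    1   -   Active   0007.b400.0101  local           -
Vl123       1    2   -   Listen   0007.b400.0102  192.0.2.1       -
Vl123       1    3   -   Listen   0007.b400.0103  192.0.2.3       -""",
    "DS3": """
Vl123       1    -   100 Listen   192.0.2.254     192.0.2.1       192.0.2.2
Vl123       1    1   -   Listen   0007.b400.0101  192.0.2.2       -
Vl123       1    2   -   Listen   0007.b400.0102  192.0.2.1       -
Vl123       1    3   -   Active   0007.b400.0103  local           -""",
}
KEYS = ("interface", "group", "fwd", "pri", "state",
        "address", "active", "standby")


def parse_brief(text):
    """Yield one dict per data row; the header and blank lines are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) == len(KEYS) and fields[0] != "Interface":
            yield dict(zip(KEYS, fields))


def audit(outputs, inventory):
    """Cross-check the views of all switches and return a list of findings."""
    findings = []
    active = defaultdict(list)      # (group, fwd) -> switches in Active state
    known = set(inventory.values()) | {"local", "-"}
    for switch, text in outputs.items():
        for r in parse_brief(text):
            key = (r["group"], r["fwd"])
            active[key] += [switch] if r["state"] == "Active" else []
            for role in ("active", "standby"):
                if r[role] not in known:
                    findings.append(
                        f"{switch}: group {r['group']} fwd {r['fwd']} "
                        f"{role} router {r[role]} is not in the inventory")
    # The AVG row (Fwd '-') and every forwarder need exactly one Active owner
    for (group, fwd), owners in sorted(active.items()):
        what = "AVG" if fwd == "-" else f"forwarder {fwd}"
        if len(owners) != 1:
            findings.append(f"group {group} {what}: expected one Active "
                            f"switch, got {owners or 'none'}")
    return findings


if __name__ == "__main__":
    print(audit(SAMPLE, INVENTORY) or "all roles consistent")
```

An empty result means every role has exactly one Active owner and every peer address belongs to a known switch; a forwarder whose active router is outside the inventory is reported.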

Verifying detailed GLBP information on the AVG:

DS1#show glbp
Vlan123 - Group 1
  State is Active
    2 state changes, last state change 00:14:46
  Virtual IP address is
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.948 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "CCnp"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is, priority 150 (expires in 9.048 sec)
  Priority 200 (configured)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    cc05.13b4.0000 ( authenticated
    cc06.13b4.0000 ( authenticated
    cc07.13b4.0000 ( local
  There are 3 forwarders (1 active)
  Forwarder 1
    State is Listen
      2 state changes, last state change 00:10:56
    MAC address is 0007.b400.0101 (learnt)
    Owner ID is cc05.13b4.0000
    Redirection enabled, 597.216 sec remaining (maximum 600 sec)
    Time to live: 14397.212 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is (primary), weighting 100 (expires in 7.204 sec)
  Forwarder 2
    State is Active
      1 state change, last state change 00:11:26
    MAC address is 0007.b400.0102 (default)
    Owner ID is cc07.13b4.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
  Forwarder 3
    State is Listen
    MAC address is 0007.b400.0103 (learnt)
    Owner ID is cc06.13b4.0000
    Redirection enabled, 597.416 sec remaining (maximum 600 sec)
    Time to live: 14397.416 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is (primary), weighting 100 (expires in 7.416 sec)

From this detail output we can gather the following essential info about this GLBP Group:

- Virtual IP of the group:
- GLBP timers
- Authentication type and password (the key-string is displayed in clear text)
- Who is the Standby AVG and its priority
- Local priority and weighting
- Load balancing method
- Group members and their successful authentication within the group
- Info about all forwarders in the group and which forwarder number is allocated to the local router

The Owner ID of forwarder 2, cc07.13b4.0000, is DS1's own MAC address:
DS1#show mac-address-table address cc07.13b4.0000
Destination Address  Address Type  VLAN  Destination Port
-------------------  ------------  ----  --------------------
cc07.13b4.0000          Self          1     Vlan1
cc07.13b4.0000          Self        123     Vlan123

A. Round Robin

Now let's initiate some (ICMP) traffic from each of the PCs and observe the round robin method:


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

*Mar  1 02:43:53.619: IP ARP: creating incomplete entry for IP address: interface FastEthernet0/0
*Mar  1 02:43:53.623: IP ARP: sent req src cc04.13b4.0000,
                 dst 0000.0000.0000 FastEthernet0/0
*Mar  1 02:43:53.675: IP ARP: rcvd rep src 0007.b400.0101, dst FastEthernet0/0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

*Mar  1 02:44:03.967: IP ARP: creating incomplete entry for IP address: interface FastEthernet0/0
*Mar  1 02:44:03.971: IP ARP: sent req src cc09.0848.0000,
                 dst 0000.0000.0000 FastEthernet0/0
*Mar  1 02:44:04.031: IP ARP: rcvd rep src 0007.b400.0102, dst FastEthernet0/0


Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to, timeout is 2 seconds:

*Mar  1 02:44:07.635: IP ARP: creating incomplete entry for IP address: interface FastEthernet0/0
*Mar  1 02:44:07.639: IP ARP: sent req src cc0a.0848.0000,
                 dst 0000.0000.0000 FastEthernet0/0
*Mar  1 02:44:07.667: IP ARP: rcvd rep src 0007.b400.0103, dst FastEthernet0/0

B. Weighted

Let’s create a loopback interface on R1 and configure GLBP to track it and decrement the weight value when it goes down:
DS1(config)#interface loopback 1000
*Mar  1 03:12:43.175: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1000, changed state to up

DS1(config)#track 500 interface loopback 1000 line-protocol

DS1(config-if)#glbp 1 weighting 100 lower 80 upper 90
DS1(config-if)#glbp 1 weighting track 500 decrement 30

This configuration on DS1 essentially says:
“Start with a weight value of 100.
If Loopback 1000 goes down, decrement the weight by 30.
If the weight falls below 80, this router is no longer allowed to be an AVF.
Once the weight has fallen below 80, do not allow the router to become the AVF again until the weight is at least 90.”
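
The gap between the lower and upper thresholds means the same weight can leave the router in either state, depending on where it came from. This Python sketch is an added example, not code from the original post. The class name is hypothetical, track object 501 with decrement 15 is constructed to land the weight between the thresholds, and the comparisons follow the wording above ("falls below 80", "at least 90").

```python
from dataclasses import dataclass, field


@dataclass
class GlbpWeighting:
    """Model of 'glbp group weighting maximum lower L upper U' with tracking."""
    maximum: int = 100
    lower: int = 1
    upper: int = 100
    decrements: dict = field(default_factory=dict)  # track object -> decrement
    down: set = field(default_factory=set)          # objects currently Down
    can_forward: bool = True                        # allowed to act as AVF

    def track(self, obj: int, decrement: int) -> None:
        """Model of 'glbp group weighting track obj decrement value'."""
        self.decrements[obj] = decrement

    @property
    def weight(self) -> int:
        return self.maximum - sum(self.decrements[o] for o in self.down)

    def set_state(self, obj: int, up: bool) -> bool:
        """Apply a tracked-object state change and return AVF eligibility."""
        if obj not in self.decrements:
            raise KeyError(f"track object {obj} is not configured")
        if up:
            self.down.discard(obj)
        else:
            self.down.add(obj)
        if self.weight < self.lower:
            self.can_forward = False    # must give up the AVF role
        elif self.weight >= self.upper:
            self.can_forward = True     # may resume the AVF role
        # Between lower and upper the previous state is kept (hysteresis)
        return self.can_forward


def replay(weighting, events):
    """Return [(weight, can_forward), ...] after each (object, up) event."""
    history = []
    for obj, up in events:
        eligible = weighting.set_state(obj, up)
        history.append((weighting.weight, eligible))
    return history


if __name__ == "__main__":
    ds1 = GlbpWeighting(maximum=100, lower=80, upper=90)
    ds1.track(500, 30)      # as configured on DS1 in this lab
    ds1.track(501, 15)      # constructed second object, not in the lab
    events = [(500, False), (500, True),    # the lab's shutdown / no shutdown
              (501, False),                 # 85: still an AVF
              (500, False), (500, True),    # 55, then back to 85: not an AVF
              (501, True)]                  # 100: AVF again
    for (obj, up), (weight, ok) in zip(events, replay(ds1, events)):
        print(f"track {obj} {'Up' if up else 'Down':4} weight {weight:3} AVF allowed: {ok}")
```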

Before shutting down Loopback 1000:

DS1#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   200 Active     local 
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Active   0007.b400.0102  local           -
Vl123       1    3   -   Listen   0007.b400.0103   -

Shutting down Loopback 1000 on DS1:

DS1(config)#interface loopback 1000
DS1(config-if)#shutdown

*Mar  1 03:28:03.779: %TRACKING-5-STATE: 500 interface Lo1000 line-protocol Up->Down
*Mar  1 03:28:05.779: %LINK-5-CHANGED: Interface Loopback1000, changed state to administratively down
*Mar  1 03:28:06.779: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1000, changed state to down
*Mar  1 03:28:34.283: %GLBP-6-FWDSTATECHANGE: Vlan123 Grp 1 Fwd 2 state Active -> Listen

DS1#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   200 Active     local 
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Listen   0007.b400.0102   -
Vl123       1    3   -   Listen   0007.b400.0103   -

The weight value has been decremented to 70:
DS1#show glbp
Vlan123 - Group 1
  State is Active
    2 state changes, last state change 01:21:54
  Virtual IP address is
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.540 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "CCnp"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is, priority 150 (expires in 7.372 sec)
  Priority 200 (configured)
  Weighting 70, low (configured 100), thresholds: lower 80, upper 90
    Track object 500 state Down decrement 30

If we re-enable interface Loopback 1000, DS1 becomes Active for Fwd2 again:

DS1(config)#interface loopback 1000
DS1(config-if)#no shutdown

*Mar  1 03:35:53.691: %TRACKING-5-STATE: 500 interface Lo1000 line-protocol Down->Up
*Mar  1 03:35:55.691: %LINK-3-UPDOWN: Interface Loopback1000, changed state to up
*Mar  1 03:35:56.691: %LINEPROTO-5-UPDOWN: Line protocol on Interface Loopback1000, changed state to up
*Mar  1 03:36:29.567: %GLBP-6-FWDSTATECHANGE: Vlan123 Grp 1 Fwd 2 state Listen -> Active

DS1#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   200 Active     local 
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Active   0007.b400.0102  local           -
Vl123       1    3   -   Listen   0007.b400.0103   -

DS1#show glbp
Vlan123 - Group 1
  State is Active
    2 state changes, last state change 01:25:18
  Virtual IP address is
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.712 secs
  Redirect time 600 sec, forwarder time-out 14400 sec
  Authentication MD5, key-string "CCnp"
  Preemption enabled, min delay 0 sec
  Active is local
  Standby is, priority 150 (expires in 9.552 sec)
  Priority 200 (configured)
  Weighting 100 (configured 100), thresholds: lower 80, upper 90
    Track object 500 state Up decrement 30

Now, let's say we manually configure the weight value on each router and set the Weighted load balancing method on all of them.

DS1(config)#no track 500 interface loopback 1000 line-protocol
DS1(config)#interface vlan 123
DS1(config-if)#no glbp 1 weighting 100 lower 80 upper 90
DS1(config-if)#no glbp 1 weighting track 500 decrement 30
DS1(config-if)#glbp 1 weighting 200
DS1(config-if)#glbp 1 load-balancing weighted

DS2(config)#interface vlan 123
DS2(config-if)#glbp 1 weighting 150
DS2(config-if)#glbp 1 load-balancing weighted

DS3(config)#interface vlan 123
DS3(config-if)#glbp 1 weighting 125
DS3(config-if)#glbp 1 load-balancing weighted

DS1#show glbp | i Weighting
  Weighting 200 (configured 200), thresholds: lower 1, upper 200

DS2#show glbp | i Weighting
  Weighting 150 (configured 150), thresholds: lower 1, upper 150

DS3#show glbp | i Weighting
  Weighting 125 (configured 125), thresholds: lower 1, upper 125

Reminder: A higher weighting results in more frequent ARP replies containing the virtual MAC address of that router. If interface tracking is not configured, the maximum weighting value configured is used to set the relative proportions among AVFs.

This can be best simulated using traffic initiated from the PCs (traffic generator).

C. Host dependent

Note: Cisco IOS Release 12.4T is required to issue the commands related to host dependent load balancing (glbp client-cache maximum, show glbp detail, show glbp client-cache).

DS1(config)#interface vlan 123
DS1(config-if)#no glbp 1 weighting 200
DS1(config-if)#no glbp 1 load-balancing weighted
DS1(config-if)#glbp 1 load-balancing host-dependent

DS2(config)#interface vlan 123
DS2(config-if)#no glbp 1 weighting 150
DS2(config-if)#no glbp 1 load-balancing weighted
DS2(config-if)#glbp 1 load-balancing host-dependent

DS3(config)#interface vlan 123
DS3(config-if)#no glbp 1 weighting 125
DS3(config-if)#no glbp 1 load-balancing weighted
DS3(config-if)#glbp 1 load-balancing host-dependent

DS1#show glbp | i Load balancing
  Load balancing: host-dependent

DS2#show glbp | i Load balancing
  Load balancing: host-dependent

DS3#show glbp | i Load balancing
  Load balancing: host-dependent

After replacing the previous IOS image with a 12.4T one and reloading all the GLBP configs:

DS1#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   200 Active     local 
Vl123       1    1   -   Active   0007.b400.0101  local           -
Vl123       1    2   -   Listen   0007.b400.0102   -
Vl123       1    3   -   Listen   0007.b400.0103   -

DS2#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   150 Standby   local
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Active   0007.b400.0102  local           -
Vl123       1    3   -   Listen   0007.b400.0103   -

DS3#show glbp brief
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Vl123       1    -   100 Listen
Vl123       1    1   -   Listen   0007.b400.0101   -
Vl123       1    2   -   Listen   0007.b400.0102   -
Vl123       1    3   -   Active   0007.b400.0103  local           -

The GLBP client cache contains information about network hosts that are using a GLBP group as the default gateway.

DS1#show glbp detail | i Load balancing
  Load balancing: host-dependent

Let's configure the client-cache parameters:
DS1(config)#interface vlan 123
DS1(config-if)#glbp 1 client-cache maximum 10 timeout 5

We will issue some pings from the PCs and see how the AVG populates the GLBP client-cache:

PC1#clear arp

PC2#clear arp

PC3#clear arp

DS1#show glbp client-cache

Vlan123 - Group 1
  Group clients within timeout:
    Forwarder 1 clients:
    Forwarder 2 clients:
      cc09.15b8.0000          Age: 00:00:05.112  Updates: 1
    Forwarder 3 clients:
      cc04.0ec8.0000          Age: 00:00:57.728  Updates: 2
      cc0a.15b8.0000          Age: 00:00:30.364  Updates: 2

As of now, PC1 and PC3 will receive ARP replies only from Fwd3 and PC2 will receive ARP replies only from Fwd2.
The AVG assigned Fwd3 as a gateway for PCs 1 and 3, and Fwd2 as a gateway for PC2.
Reminder: Each client that generates an ARP request for the virtual router address always receives the same virtual MAC address in reply.

Note: More info about host dependent load balancing can be found at:

Note: If you encounter the following error when modifying the VLAN database, you can erase the flash to resolve the issue:

% not enough space on flash to store vlan database. trying squeeze...First create squeeze log by erasing the entire device

% error squeezing flash - (Missing or corrupted log)
Error on database apply 40: NV storage failure
Use 'abort' command to exit


AS1#erase flash:
Erasing the flash filesystem will remove all files! Continue? [confirm]
Erasing device... eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee ...erased
Erase of flash: complete 

Note: Although we reload the switches whenever we want new default configs, the VLAN and VTP information is still present.
The reason is that this VLAN and VTP information is actually kept in the VLAN.DAT file in Flash memory, and the contents of Flash are kept on a reload. The file has to be deleted manually. 
More info at:
