Improvement at the gateway level is now more than just about redundancy as we can use Cisco’s sophisticated feature called GLBP or Gateway Load Balancing Protocol. Just by looking at the name, we can easily guess its superior value compared to HSRP or VRRP. In HSRP or VRRP, only the active/master router that do the job while all the standby/backup routers are idle. In GLBP, all routers are efficiently utilized to forward packets, so in addition to redundancy we also get load balancing. We can configure GLBP in Cisco IOS router using three algorithm: round-robin, weighted, or host-dependent.
Configure GLBP in Cisco IOS Router
As previously explained, all routers in GLBP are actively forwarding packet. These routers are called Active Virtual Forwarder (AVF). However, there is still one router that must control the GLBP operation, and this router is called the Active Virtual Gateway (AVG). An AVG is elected when GLBP is activated on the network, and it has responsibility to decide the next AVF that will be used to forward packet based on the selected algorithm. A router with AVG role by default also acts as AVF at the same time.
Assuming the basic interface IP and routing has been pre-configured, the command to enable GLBP in each router is as follows.
Configuration on R1:
R1(config)#int f0/0 R1(config-if)#glbp 123 ip 10.1.1.254 R1(config-if)#glbp 123 priority 120 R1(config-if)#glbp 123 preempt
Configuration on R2:
R2(config)#int f0/0 R2(config-if)#glbp 123 ip 10.1.1.254 R2(config-if)#glbp 123 priority 110 R1(config-if)#glbp 123 preempt
Configuration on R3:
R3(config)#int f0/0 R3(config-if)#glbp 123 ip 10.1.1.254
So we’re using GLBP group number 123 and virtual IP 10.1.1.254, and this command should be consistent on each router. On the other hand, we give R1 priority 120, R2 priority 110, and R3 with default priority 100. This is to ensure that R1 has the highest priority among the group members. Router with the highest priority number will be elected as the AVG. If failure happens on the AVG, the role will be granted to another router with next highest priority. Notice that we also enable preempt on R1 and R2, this means that they can reclaim the AVG role from current AVG if they have higher priority. With this configuration, R1 will always the first priority to become AVG.
To verify GLBP configuration, we can simply issue command show glbp brief from any of the GLBP members:
R1#sh glbp br Interface Grp Fwd Pri State Address Active router Standby router Fa0/0 123 - 120 Active 10.1.1.254 local 10.1.1.2 Fa0/0 123 1 - Active 0007.b400.7b01 local - Fa0/0 123 2 - Listen 0007.b400.7b02 10.1.1.2 - Fa0/0 123 3 - Listen 0007.b400.7b03 10.1.1.3 -
On the example above, we verify GLBP configuration from R1’s point of view. The first line shows information about the current AVG (in this case is R1) and its backup AVG (in this case is R2). The next three lines shows information about AVF, in this case all R1-R2-R3, and their virtual MAC address. Notice that each AVF will listen to the other AVFs, so in case an AVF fails, the other can help processing the packet that supposed to be forwarded by that failed AVF.
GLBP Round-Robin
With standard GLBP configuration as above, the default load-balancing algorithm that will be used is round-robin. With round-robin, AVG will reply each ARP request for the GLBP virtual IP with each AVF’s virtual MAC address in turns, so all AVFs will be used equally.
In our test, we tried traceroute to cloud loopback IP 8.8.8.8 from Client A, B, and C sequentially (after clearing ARP cache on each Client first).
Result on Client A:
ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.2 52 msec 28 msec 40 msec 2 8.8.8.8 76 msec 56 msec 60 msec ClientA>sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.1.101 - c001.2780.0000 ARPA FastEthernet0/0 Internet 10.1.1.254 9 0007.b400.7b02 ARPA FastEthernet0/0
Result on Client B:
ClientB>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.3 48 msec 40 msec 92 msec 2 8.8.8.8 120 msec 44 msec 88 msec ClientB>sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.1.102 - c005.1e88.0000 ARPA FastEthernet0/0 Internet 10.1.1.254 4 0007.b400.7b03 ARPA FastEthernet0/0
Result on Client C:
ClientC>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.1 36 msec 32 msec 36 msec 2 8.8.8.8 60 msec 88 msec 76 msec ClientC>sh arp Protocol Address Age (min) Hardware Addr Type Interface Internet 10.1.1.103 - c006.1e88.0000 ARPA FastEthernet0/0 Internet 10.1.1.254 5 0007.b400.7b01 ARPA FastEthernet0/0
As you can see, each Client got different routes to reach 8.8.8.8 because they receive different ARP resolution for the gateway virtual IP address (10.1.1.254). Client A trace was forwarded via R2, Client B via R3, then Client C via R1. With this result, we can confirm that all AVFs has been used equally.
GLBP Weighted
Weighted algorithm distribute traffic to each AVF based on the weight value assigned to them. An AVF with bigger weight value will get more traffic redirected to it.
For example, if we assign weight value 1 for R1, 1 for R2, and 2 for R3, then AVG will reply ARP requests for the GLBP virtual IP address using R3’s virtual MAC address two times more often than using R1’s or R2’s. The configuration command for the above example scenario is as follows:
Configuration on R1:
R1(config)#interface f0/0 R1(config-if)#glbp 123 load-balancing weighted R1(config-if)#glbp 123 weight 1
Configuration on R2:
R2(config)#interface f0/0 R2(config-if)#glbp 123 load-balancing weighted R2(config-if)#glbp 123 weight 1
Configuration on R3:
R3(config)#interface f0/0 R3(config-if)#glbp 123 load-balancing weighted R3(config-if)#glbp 123 weight 2
Results on client (trace to cloud loopback IP address several times with clear ARP between trace):
ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 * 10.1.1.3 60 msec 60 msec 2 8.8.8.8 136 msec 60 msec 52 msec ClientA>clear arp ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.3 32 msec 24 msec 28 msec 2 8.8.8.8 48 msec 56 msec 40 msec ClientA>clear arp ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.1 1048 msec 28 msec 24 msec 2 8.8.8.8 76 msec 60 msec 56 msec ClientA>clear arp ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 * 10.1.1.2 48 msec 40 msec 2 8.8.8.8 60 msec 104 msec 76 msec ClientA> ClientA>
As you can see that the first two trace got redirected via R3, while each of the next two traces got redirected via R1 and R2 consecutively. The next two trace would probably go through R3 again, because R3 has twice the weight of each R1 and R2.
GLBP Host-Dependent
Host-dependent algorithm guarantees that the same gateway will always be used for a specific client, as long as there is no changes on the AVF number. Under some situations this approach could be the best option, for example in case of stateful NAT.
The way we configure GLBP to use host-dependent algorithm is as simple as one liner shown below:
R1(config)#int f0/0 R1(config-if)#glbp 123 load-balancing host-dependant
Repeat the same command on R2 and R3.
Verification:
Trace from Client A got redirected via R2, even after clear ARP still got redirected via the same gateway
ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.2 20 msec 40 msec 28 msec 2 8.8.8.8 60 msec 80 msec 48 msec ClientA>clear arp ClientA>trace 8.8.8.8 Type escape sequence to abort. Tracing the route to 8.8.8.8 1 10.1.1.2 1048 msec 44 msec 60 msec 2 8.8.8.8 104 msec 56 msec 92 msec ClientA>
If we try traceroute via Client B or Client C we would probably got different gateway than Client A, but each client will keep redirected using the same gateway until there is a change on AVF number.
Conclusion
And that’s how we configure GLBP on Cisco IOS router. You see, GLBP is a very powerful proprietary feature from Cisco. With GLBP, we can effectively utilize all our routers as the gateway with several different algorithm that we can choose based on our needs.
