Configure GLBP in Cisco IOS Router

Improvement at the gateway level is now more than just about redundancy as we can use Cisco’s sophisticated feature called GLBP or Gateway Load Balancing Protocol. Just by looking at the name, we can easily guess its superior value compared to HSRP or VRRP. In HSRP or VRRP, only the active/master router that do the job while all the standby/backup routers are idle. In GLBP, all routers are efficiently utilized to forward packets, so in addition to redundancy we also get load balancing. We can configure GLBP in Cisco IOS router using three algorithm: round-robinweighted, or host-dependent.

Configure GLBP in Cisco IOS Router

As previously explained, all routers in GLBP are actively forwarding packet. These routers are called Active Virtual Forwarder (AVF). However, there is still one router that must control the GLBP operation, and this router is called the Active Virtual Gateway (AVG). An AVG is elected when GLBP is activated on the network, and it has responsibility to decide the next AVF that will be used to forward packet based on the selected algorithm. A router with AVG role by default also acts as AVF at the same time.

Assuming the basic interface IP and routing has been pre-configured, the command to enable GLBP in each router is as follows.

Configuration on R1:

R1(config)#int f0/0
R1(config-if)#glbp 123 ip 10.1.1.254
R1(config-if)#glbp 123 priority 120
R1(config-if)#glbp 123 preempt

Configuration on R2:

R2(config)#int f0/0
R2(config-if)#glbp 123 ip 10.1.1.254
R2(config-if)#glbp 123 priority 110
R1(config-if)#glbp 123 preempt

Configuration on R3:

R3(config)#int f0/0
R3(config-if)#glbp 123 ip 10.1.1.254

So we’re using GLBP group number 123 and virtual IP 10.1.1.254, and this command should be consistent on each router. On the other hand, we give R1 priority 120, R2 priority 110, and R3 with default priority 100. This is to ensure that R1 has the highest priority among the group members. Router with the highest priority number will be elected as the AVG. If failure happens on the AVG, the role will be granted to another router with next highest priority. Notice that we also enable preempt on R1 and R2, this means that they can reclaim the AVG role from current AVG if they have higher priority. With this configuration, R1 will always the first priority to become AVG.

To verify GLBP configuration, we can simply issue command show glbp brief from any of the GLBP members:

R1#sh glbp br
Interface   Grp  Fwd Pri State    Address         Active router   Standby router
Fa0/0       123  -   120 Active   10.1.1.254      local           10.1.1.2
Fa0/0       123  1   -   Active   0007.b400.7b01  local           -
Fa0/0       123  2   -   Listen   0007.b400.7b02  10.1.1.2        -
Fa0/0       123  3   -   Listen   0007.b400.7b03  10.1.1.3        -

On the example above, we verify GLBP configuration from R1’s point of view. The first line shows information about the current AVG (in this case is R1) and its backup AVG (in this case is R2). The next three lines shows information about AVF, in this case all R1-R2-R3, and their virtual MAC address. Notice that each AVF will listen to the other AVFs, so in case an AVF fails, the other can help processing the packet that supposed to be forwarded by that failed AVF.

GLBP Round-Robin

With standard GLBP configuration as above, the default load-balancing algorithm that will be used is round-robin. With round-robin, AVG will reply each ARP request for the GLBP virtual IP with each AVF’s virtual MAC address in turns, so all AVFs will be used equally.

In our test, we tried traceroute to cloud loopback IP 8.8.8.8 from Client A, B, and C sequentially (after clearing ARP cache on each Client first).

Result on Client A:

ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.2 52 msec 28 msec 40 msec
 2 8.8.8.8 76 msec 56 msec 60 msec
ClientA>sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.101               -  c001.2780.0000  ARPA   FastEthernet0/0
Internet  10.1.1.254               9  0007.b400.7b02  ARPA   FastEthernet0/0

Result on Client B:

ClientB>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.3 48 msec 40 msec 92 msec
 2 8.8.8.8 120 msec 44 msec 88 msec
ClientB>sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.102               -  c005.1e88.0000  ARPA   FastEthernet0/0
Internet  10.1.1.254               4  0007.b400.7b03  ARPA   FastEthernet0/0

Result on Client C:

ClientC>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.1 36 msec 32 msec 36 msec
 2 8.8.8.8 60 msec 88 msec 76 msec
ClientC>sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.1.1.103               -  c006.1e88.0000  ARPA   FastEthernet0/0
Internet  10.1.1.254               5  0007.b400.7b01  ARPA   FastEthernet0/0

As you can see, each Client got different routes to reach 8.8.8.8 because they receive different ARP resolution for the gateway virtual IP address (10.1.1.254). Client A trace was forwarded via R2, Client B via R3, then Client C via R1. With this result, we can confirm that all AVFs has been used equally.

GLBP Weighted

Weighted algorithm distribute traffic to each AVF based on the weight value assigned to them. An AVF with bigger weight value will get more traffic redirected to it.

For example, if we assign weight value 1 for R1, 1 for R2, and 2 for R3, then AVG will reply ARP requests for the GLBP virtual IP address using R3’s virtual MAC address two times more often than using R1’s or R2’s. The configuration command for the above example scenario is as follows:

Configuration on R1:

R1(config)#interface f0/0
R1(config-if)#glbp 123 load-balancing weighted
R1(config-if)#glbp 123 weight 1

Configuration on R2:

R2(config)#interface f0/0
R2(config-if)#glbp 123 load-balancing weighted
R2(config-if)#glbp 123 weight 1

Configuration on R3:

R3(config)#interface f0/0
R3(config-if)#glbp 123 load-balancing weighted
R3(config-if)#glbp 123 weight 2

Results on client (trace to cloud loopback IP address several times with clear ARP between trace):

ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 *
   10.1.1.3 60 msec 60 msec
 2 8.8.8.8 136 msec 60 msec 52 msec
ClientA>clear arp
ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.3 32 msec 24 msec 28 msec
 2 8.8.8.8 48 msec 56 msec 40 msec
ClientA>clear arp
ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.1 1048 msec 28 msec 24 msec
 2 8.8.8.8 76 msec 60 msec 56 msec
ClientA>clear arp
ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 *
   10.1.1.2 48 msec 40 msec
 2 8.8.8.8 60 msec 104 msec 76 msec
ClientA>
ClientA>

As you can see that the first two trace got redirected via R3, while each of the next two traces got redirected via R1 and R2 consecutively. The next two trace would probably go through R3 again, because R3 has twice the weight of each R1 and R2.

GLBP Host-Dependent

Host-dependent algorithm guarantees that the same gateway will always be used for a specific client, as long as there is no changes on the AVF number. Under some situations this approach could be the best option, for example in case of stateful NAT.

The way we configure GLBP to use host-dependent algorithm is as simple as one liner shown below:

R1(config)#int f0/0
R1(config-if)#glbp 123 load-balancing host-dependant

Repeat the same command on R2 and R3.

Verification:

Trace from Client A got redirected via R2, even after clear ARP still got redirected via the same gateway

ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.2 20 msec 40 msec 28 msec
 2 8.8.8.8 60 msec 80 msec 48 msec
ClientA>clear arp
ClientA>trace 8.8.8.8

Type escape sequence to abort.
Tracing the route to 8.8.8.8

 1 10.1.1.2 1048 msec 44 msec 60 msec
 2 8.8.8.8 104 msec 56 msec 92 msec
ClientA>

If we try traceroute via Client B or Client C we would probably got different gateway than Client A, but each client will keep redirected using the same gateway until there is a change on AVF number.

Conclusion

And that’s how we configure GLBP on Cisco IOS router. You see, GLBP is a very powerful proprietary feature from Cisco. With GLBP, we can effectively utilize all our routers as the gateway with several different algorithm that we can choose based on our needs.