ENCOR Teaching - FHRPs!

Captions
Alright, happy Tuesday everybody, it's good to be back here. We had... actually, I'm thinking we were back last week, weren't we, exploring that new CCNA last week. It just wasn't a technical session, so in my head I'm like, oh boy, we didn't do anything last week. It was actually a lot of fun and very important, so if you happened to miss that and you're studying for your CCNA, be sure to go back and watch that video in the archives, because the CCNA is crazy, the new one, and all that programmability stuff. So be sure to touch on a lot of that again in that session from last week.

So today we are switching gears a little bit. I'm going from the non-technical world back into the technical, and we are looking at CCNP-level content. So I have the privilege at CBT Nuggets of making ENCOR content. ENCOR, EN-COR, kind of a weird way of saying it, but ENCOR stands for Enterprise Networking Core. So it's Cisco's core enterprise networking exam, and that's the key exam for the CCNP this time around. So Cisco has renamed their R&S track the EN track; R&S, routing and switching, has become enterprise networking, or EN, and again now the CCNP Enterprise Networking, the CCNP EN, is focused on, or centered around, this ENCOR exam. So again, it's a lot of fun making this content. I actually just went through FHRPs in the ENCOR playlist, and so we're gonna be diving into those a little bit tonight. We'll see how long it takes to get through all of the whiteboarding, talk-boarding, of the FHRPs themselves, and ideally we have some time at the end to actually log into the lab and take a little look at some of the configuration.

Hey Ben Sahar, how's it going? Thanks for saying hi.

Alright, so as far as the agenda is concerned, we're looking at FHRPs tonight. Again, any time we talk about first hop redundancy protocols it's going to come down to three main topics: we're going to be looking at HSRP, VRRP and GLBP. Those are the
three main protocols that fall into that FHRP category. But we're going to start off just by making sure we're on the same page: defining why FHRPs are important, what they're accomplishing, what they can do for us, and then... oops. Hey Big Poppa, you stick around as long as you can, full evening tonight, alright, very good. But hey, thank you very much for extending your subscription, very good. And we are actually moving up in the world; we're looking at some ENCOR content tonight, so stick around as long as you can, for sure. There's a little bit of a sneak preview of what CBT Nuggets is working on behind the scenes here. So again, we're gonna be looking at FHRPs: HSRP, VRRP, GLBP, all three of the something-something-something-Ps, right, a lot of these protocols, and then ideally again we'll get in the lab and do some configuration.

So let's go ahead and jump in here to the whiteboard and try to figure out what all these FHRPs are about. So I'm guessing most of us on some level understand the goal of FHRPs, but just to kind of recap here and get us on the same page: the idea tends to be that, let's say we've got some users that are logged into a network, and let's just give the example that there's an upstream router. So maybe a long time ago, back in the day, however you want to say it, we had a single router and this was the default gateway right here. So maybe this is the 192.168.1.0/24 network and we've got .1 here as the default gateway. So what that means is these PCs, we configure them for a default gateway of .1, each one of them individually, and that means that any time they need to talk to something outside of the network they're going to go out through their gateway, which, you know, again, we're comfortable with that at this post-CCNA level.

So the idea here is this: once upon a time we looked at this and said, okay, this is great, but we could use some redundancy, and so the redundancy is going to
look like this. We're gonna throw another router onto this network. This could be any layer 3 device, so this could be a layer 3 switch, it could be a router, and maybe that's the extent... it could be a firewall, technically, actually. Really any layer 3 device could be our default gateway. And so we're going to assign this to .2, and wouldn't you know it, I'll use the big bad red color here, wouldn't you know it, one of these routers goes down, and it happens to be the one that we've configured for .1. And we say, okay, no problem, router number two is still there; we paid extra money to buy another router and have it ready for redundancy. And once... you know what, the network still goes down, and the reason the network goes down is because we're still pointing our default gateways to .1, and .1 is gone. We've lost .1.

So what are we gonna do here? Well, one of two things: either we come to this router and we replace it, or reconfigure it really, and say that this is .1 now, you are .1 now, and then all of my machines are back online. That's gonna cause problems if that first router comes back up, and it's probably not best practice to do that. I mean, I guess we could go around to every PC in the network and configure .2, but that's not prudent either. So clearly we need a better solution, and that third option for us is going to be, hey, guess what, first hop redundancy protocols.

So the idea here is going to be this, and because I didn't make myself a new layer I'm gonna have to redraw that, but that's fine, no problem. So we've got two routers, we know the situation now. These two routers are on one network segment, so again we've got multiple PCs down here, and let's just say the gateway for all these PCs is once again .1. I need to make sure I don't draw on my face again, or under and right in my face. Big Poppa said: send help desk staff to change the user PCs. Yeah, that's a sneakernet concept, right? Put on your sneakers and start running
around to get it going. I don't know, I've never heard of a story like that, but I have to think that those stories exist from, you know, the mid-90s or so. I don't know when HSRP really came out, but I mean there had to have been networks where it was like, okay, the gateway's down, we've got a different one, let's reconfigure IP addresses to make that happen.

By the way, tonight's stream is sponsored by Mr. Keith Barker, the OG of IT. That means a great shirt in the mail, so I really owe him one for that. He even signed it over here and said "Jeff, you rock. Keith Barker." So I really appreciate Keith sending me this shirt. I was like, I am wearing this on my stream tonight, got to do it.

Alright, so where was I going with that? Okay, so the idea here is this: let's not assign the gateway address .1 to either one of those routers. Let's assign, let's say, .2 to the router on the left and .3 to the router on the right. Let's just give these names, because we're gonna keep referring to these guys as something: router 1 and router 2. Then what we're going to do is we're going to share an IP address; we'll call this .1 here now, as a virtual IP address, or that VIP concept. And a virtual IP address simply means that nobody owns it on a physical piece of equipment; it just sort of lives in the ether, in the virtual layer or what have you. And so one of these routers has to own it at a time. We can't have both routers claiming to be .1; that would be a true duplicate IP address, and we don't want duplicate IP addresses on the network, that would be bad. So only one can have .1 at a time, and so let's say we've got this primary and secondary concept, a primary and a secondary. So now the primary owns .1 for right now, and then, hey, I'm gonna remember to do another layer this time, there we go. So then, wouldn't you know it, again, of course router 1, the primary, goes down, takes down that .1 IP address. Well, fortunately we are running this FHRP, first hop redundancy protocol,
that manages this virtual IP address. Therefore the virtual IP address now shows up, magically, on the secondary router, and because of this the PCs that were going this way one moment ago will now switch over and go this way. In a brief moment, pretty, pretty quick, this can happen; if we tune our timers right and everything, all of this can happen in less than a second. Okay, so this happens very, very quickly. It definitely matches the needs of modern networks, because even when HSRP came out the default setting is like 10 seconds for it to detect that one of these, the primary, has gone down. So the secondary is gonna sit there for 10 seconds and wait, and then it'll flip over, and then it usually takes another second or two to converge. So you're talking about 10 to 15 seconds potentially of outage because one of your redundant devices went down. Instead, we tune those timers now, in this day and age, to be sub-second timers. So maybe now, instead of every three seconds we're sending hellos, we're sending them three times a second, or every 300 milliseconds, and then instead of waiting 10 seconds we wait one full second, because we can't wait 15 seconds. And truthfully, on these network switches that we have today, I'm trying to even think of why we'd wait that long. I mean, I think processing power on the routers and network bandwidth, like, yes, but you know, even back in the 10 meg days that should have been enough bandwidth.

Alright, so now we have our solution. This is FHRPs, but there's gonna be a lot that goes into making this work, okay. And this is where, you know, everything we've covered up until now is probably that CCENT, CCNA level of understanding of first hop redundancy protocols, but when we want to understand this at a deeper level, going into that ENCOR, CCNP level, we need to understand what's going on on the network to make this happen. And so one of those concepts is we're going to have to
talk about ARP and layer 2 virtual MAC addresses. So let's go ahead and talk about that. I'll get rid of my bad layer there, I'll go back to the other layer, and we'll choose a different color here to keep things fresh. Okay, so what's going on underneath, behind the scenes? So there's a concept of a virtual MAC address at play here. We've mentioned the virtual IP, and that's a little easy to understand, okay, it's an IP address that's being shared. But what happens, how do we get from these PCs out to wherever we're trying to go? When we're sending traffic to the default gateway, what is our destination IP address? Our destination IP address is not .1, because if our destination IP was .1 and .1 received it, it'd be like, what do I do with it? Our destination IP is out here in the rest of the world, wherever we're trying to get to; it could be the next network over on the other side of that router, it could be across the internet, but either way the destination IP address never changes, sort of... network address translation, but we won't go into that for now. The destination IP address never changes, and therefore we need a way for this router right here, router 1, whatever our default gateway is, we need that router to be able to pick up that packet, know it's destined on the local network for it. And of course local network addressing should trigger us to think about MAC addresses. So if we have a virtual IP address that is shared between two routers, well, guess what, we're going to have a virtual MAC address as well that's shared between those two routers. This virtual MAC address is going to be bound to that .1 address. So just to kind of clear... oh, you know what, I went back to the other... that's right, we'll get rid of all this just because it's a little noisy. We'll label it VMAC there. So now we not only have a virtual IP address, we have a virtual MAC address. And, oh, I didn't add a new... there we go. So this virtual MAC address is
at the heart of what makes all of this work, because what is going to happen here is that this host right here, let's say, doesn't ARP for .1... steady-state operation, both routers are up, I need to send traffic to and through my default gateway, what do I do? Well, if I've never sent anything to my default gateway, I don't know what its MAC address is. Then this is the concept of ARP. I know I've been pre-configured, hard-coded, with my default gateway being .1. Now, maybe saying it's hard-coded is a stretch, because it's still DHCP, right? I've dynamically received my gateway address, it's .1, but that's all I know. I didn't get the MAC address from my DHCP server, I only know the IP address. So I ARP for it, and I say, hey, who owns .1 as the IP address? And the primary is always responsible for the ARP responses. Technically either one could respond to it, but we don't want the chaos of it being a free-for-all, or maybe both of them respond and that could be confusing. So the primary is going to respond by sending an ARP response, and that ARP response will give it this virtual MAC. So maybe this virtual MAC address is A, I don't know, we're just keeping track of the different virtual MAC addresses here that we're talking about, so I guess now either... right, doesn't matter. So now we've got .1 as a gateway address, we know that that's my gateway IP address, I've done an ARP and I've gotten back the virtual MAC address. So now I understand that not only do I have my default gateway IP address, but I also have my default gateway's MAC address, which would be A in this case. Now I can send that packet to my default gateway, and the way I do that is I keep my destination IP address focused on the end destination, google.com or whatever I'm sending my packet to, from an IP address perspective of course, so google.com is a bad example. I've got my destination IP address, and then my destination MAC address is always going to be for my default gateway. So my
destination IP will be whatever my destination is; my destination MAC address will be the gateway's MAC, that virtual MAC address. So because I have now sent this packet up, everything is good, it forwards it upstream, it gets it out to the internet or what have you, life is good. And again, we have this scenario where this router has now gone down. So we know that we take on the virtual IP address; we probably need that virtual MAC address, don't we? And the answer is yes, we do, and so we're also gonna take on that virtual MAC address. But there's a problem with this, and it requires a different type of drawing. Look at it from this perspective: here's a switch. It could be a series of switches, it doesn't really change in a layer 2 environment. And I've got my two routers living out two of these interfaces, and I've got my PC, I'll just do one PC, living out this interface. Now this is a layer 2 switch at this point; it could be a multilayer switch, it doesn't matter, but we're talking about the layer 2 operation of this switch. And we have on every layer 2 switch this concept of a CAM table. CAM stands for content-addressable memory, and the fun thing about that is this actually means there's a lot of meaning in those words. It's kind of weird to say, well, wait a second, it's the MAC address table, because we store MACs here. So MAC, M-A-C, media access control, that's what MAC stands for, at least as long as you're not talking about Macintosh computers. But MAC address, media access control, M-A-C; CAM, C-A-M, is backwards. Why do we call them a CAM table? Why don't we call them MAC tables? And we certainly do call them MAC tables; there's nothing wrong with that. If you said the MAC address table everybody's gonna know what you mean; in fact a lot of Cisco commands are centered around show mac address-table or what have you. So yeah, we all know that there are MAC address tables. So why content-addressable lookup? Well, a content-addressable lookup... this is a little bit of an aside, but it's
actually kind of interesting, because if we do a memory lookup in, you know, random access memory, we're talking about normal PCs, usually what's happening is an application is going to store data in a memory address, and so later when that application needs that data it provides the address to get that data back, and then the memory sends the data that's at that address. That's a standard memory lookup. A content-addressable lookup is backwards; it's this concept of, again, we're flipping it on its head, because what we're doing for a CAM is we're providing the... yeah, we are on this phase, we're kind of skipping this phase, the switch does the phase work, populates the table, okay. And so for this phase right here, rather than the app providing the address, the app actually provides what we call the content. In our case the content is a MAC address, and the response is, technically, we could call it the memory address. I mean technically that is what's happening, and then we use the address to figure out what interface to send something out. So I just thought that was interesting and worth sharing, kind of a little bit behind... again, this is supposed to be a little bit more of an advanced conversation. So this content-addressable lookup concept goes beyond Cisco, goes beyond switches, goes beyond networking; it's a memory, computer-level function. But I will say that if you search for content-addressable memory lookups you're going to find a lot of examples pointing to networking, because networking relies on content-addressable lookups very heavily at this layer 2 operation. So that's neither here nor there, that was just sort of a fun aside.

So we have this CAM table, content-addressable memory table, and this CAM table gets populated. Remember we said we skipped this phase up here because the switch is doing that, but really what's happening is that as packets get sent we know that this CAM
table is getting populated. So the CAM table says... let's just give these numbers here. Let's say that this is MAC address A, this is MAC address B, this is MAC address C, and, you know what, let's just go ahead and give us a fourth host, because we'll need that in a second. Meanwhile let's also call these ports 1, 2, 3 and 4. So this CAM table's gonna look something like this: port 1 has... well, actually, let me draw it out, so port, MAC, and by the way a third data point, a third data entry, and I'm kind of right over my head here, is the VLAN. So you can look at it one of two ways: you can say that the MAC table is partitioned out by VLAN. Technically it's not; technically the VLAN is just a parameter in the table, but I like to think of it as if every VLAN has its own CAM table. It's just sort of the right way of thinking about it, in my opinion. But we're not talking about multiple VLANs right now, so we're just gonna leave that out.

Alright, so we've got a mapping. So this router starts speaking on port 1; we learn that MAC A lives out port 1. Same thing with port 2: router B starts speaking and MAC address B shows up on port 2. Well, think about this: as soon as C speaks, let's say C sends that ARP request, and that ARP request is asking for the virtual MAC address. So what did we say happens? The primary is going to respond. So let's say the primary here is on the left, the secondary or standby is on the right, and because we've sent this ARP request out port 3, first of all, MAC address C on port 3, and so the switch is going to learn about port 3 as MAC C. Trying hard to stay within the parameters here, make sure you guys can still see it. And then this ARP response comes back, I'll change colors here, this ARP response comes back in; it's an ARP response and its MAC address is, let's just call it V, for virtual MAC address. So now we've just learned that out port 3 is also this virtual MAC address... okay, I guess it's the
last entry I can make in the port-MAC table. Alright, so the switch now knows that that virtual IP address lives out port 1, I said that wrong, whoops, there we go: the virtual MAC address lives out port 1. And so next time, let's say my PC now wants to send a packet to that virtual MAC address, again with the example we gave, well, now the switch knows to forward that packet out port 1. Alright, so that's good, that's great, everything is good. I really do need a little bit... I'm gonna have to move my face here, classic examiner, classic situation. I'll move me back here in a moment. Alright, so now let's talk about that failure scenario, as soon as my machine responds, there we go. Now let's talk about that failure scenario. So this router now goes down, and we just said that this router right here, router 2 or whatever we want to call it, now we're representing the virtual IP address, now we're representing the virtual MAC address. Do you see the problem? I'm gonna take a drink break here just for a second, I'm gonna sip my water, and you try to figure out what's the problem here, because there is a problem, and it's right there on the screen.

Here's the problem: host C wants to send another packet to its default gateway, so it sends that packet. The switch, upon receiving... and we'll call them packets, but they're layer 2, so they're frames, right. So when the switch receives that frame it looks at its CAM table: where does MAC address V live? According to its MAC address table it lives at port 1. Now, port 1 might have gone down, like the router actually died and there's no electrical connection out of it, and so therefore this entry was cleared. And I guess the good news is, if the entry was cleared and there's no entry, then it'll get flooded out all of the interfaces, and that's a decent situation actually; it's why switches behave this way, to catch these situations, where it'll flood
unknown traffic everywhere. However, we do have a better mechanism, because there could be a problem where that router, maybe it lives out another switch, or maybe it's not directly connected to the switch, or some situation where the port is up but the router is actually still down. Alright, so what could happen, or what can we do to awaken the switch to the fact that the virtual MAC address now lives out port 2, because that's where it lives now, right? Well, there's this concept of a gratuitous ARP, and maybe you've heard of this and maybe you haven't, but a gratuitous ARP, we call these GARPs, because we love our acronyms in the networking world, that's for sure. A GARP, a gratuitous ARP, is essentially an ARP request that nobody asked for... I said request and meant response, there we go, an ARP response that nobody asked for. Nobody sent a request, therefore there's no reason to send a response, right? Well, in this case there is. So nobody said, hey, .1, where are you this time? But the reality is that this router, router 2, and really this is baked into the protocol, we know that we have this problem with the CAM table, so if we send a gratuitous ARP, what happens as soon as that frame hits that switch port? The switch is going to do what a switch is going to do: it's going to say, okay, out port 2 this virtual MAC address now lives. Now, any time a switch gets a new entry for an old MAC address, or an existing MAC address, it's going to clear out the old entry. So it will clear this out; it will assume that the virtual MAC address moved, and in this case indeed it did. The network, according to GARP... GARP, I tell you what, GARPs are very... they're used a lot in the data center space. UCS uses GARPs all the time; VMware, any time there's a vMotion, GARPs all over. So it's a funny word and it sounds weird to say, but we absolutely use GARPs a lot for this particular application. So this is what's happening
underneath the hood of a first hop redundancy protocol in order to converge the network. Because yes, we need to converge layer 3, and we kind of do that; I mean, the last whiteboard drawing was focused on converging layer 3, it was simply the IP address is now managed by this router. But we have to converge layer 2 as well. We want to converge that quickly, and so the GARP is the fastest way to converge the layer 2 network as to where it lives, again keeping in mind that this might not all be directly attached. So this GARP, it's an ARP response, it's going to get flooded throughout the entire network, and so every switch in the network is going to learn where this virtual MAC address lives.

Alright, so moving on. I think we talked about... specifics now, maybe a little bit, that would be nice, right? So let's go into the wonderful world of HSRP. I need to move my face back, I think, there we go. Alright, let's get off of that ugly red color; we don't have any outages yet. You can bet we're gonna get some outages here soon. Okay, so HSRP. Now, these FHRPs, this FHRP concept, was developed and invented by Cisco, alright. Leave it to Cisco, this happens all the time, it's a tale as old as time. Wow, I spelled Cisco with two I's, that's exciting. Tale as old as time: Cisco is on the scene because they just have enough of a base, enough of a... you know, I guess I don't know, okay, I was gonna try to think of another word besides base, but they have a lot of Cisco routers and switches out there. And so when there's a problem that arises in the industry, what happens a lot is Cisco will create a solution for it, push it out in software to all of their switches throughout the world or what have you, and so now Cisco users can get around that problem; meanwhile non-Cisco switches can't. And so the industry, the IEEE or the IETF, will usually work with Cisco to create a new industry standard
around that topic. So in our case Cisco invented the Hot Standby Router Protocol, HSRP, and the Hot Standby Router Protocol worked great, only on Cisco devices, because it was a Cisco-only solution. And then the industry wrapped its arms around the idea of the Virtual Router Redundancy Protocol; that would be the industry-standard version. And then Cisco had another idea, and so they decided to create another FHRP called the Global Load Balancing Protocol, and incidentally they updated HSRP to HSRP version 2, okay. So these are called the three main... routing protocols, HSR... first hop redundancy protocols: we have HSRP, VRRP and GLBP, and we do need to know a few of the differences between HSRP version 1 and HSRP version 2. So I'm not sure, we'll try to cover some of that tonight, but we'll see where we land with that; there's a lot to cover in this topic and it's already been 30 minutes, which is crazy, time flies.

Okay, so HSRP. The best way to learn FHRPs, in my opinion, is to kind of pick one, and I'll just pick HSRP, because a lot of networks still use HSRP, and especially since we're talking about ENCOR, which is a Cisco-level exam, so hey, yeah, we'll stick with the Cisco protocol. But once we learn HSRP, VRRP is really easy to learn; it's really the same thing, just with some differences, and so we'll learn those differences. And GLBP, kind of the same thing; it's a little bit different than HSRP in a very specific way. So let's focus, we'll start off with HSRP and figure out how this works. Now we know the gist of how these FHRPs work, so we don't need to go into all of those details, but we are going to need to talk about a few of them. Let me get a new layer here, there we go.

Okay, so first and foremost, HSRP, all FHRPs, are configured in groups. What a group means is, I might have, for example, four or five routers on this network segment, and two of these I'm gonna pair together, and these two I'm going to pair together, and if
they're all talking HSRP together I can't have them all drumming... going, right, because I just want the two green ones to be together, I want the two blue ones on the right to be together, I don't want them interfering with each other. And this is where groups come into play. So I could assign a group to this set of routers and say, okay, you're group number 1, and I can assign a different group to these two routers and say you're group number 2. The most common situation where you see that groups are overlapping tends to be a situation like this, where you have two routers on one side and they're talking to two other routers on the other side, and a lot of times this is a service provider pair of routers, and this is sort of a DMZ network out on the internet edge, and these are my internet routers here. And so I'm running HSRP this way, they're running HSRP that way, and now all of a sudden all four of these routers think that they're all on the same HSRP, or in the same HSRP domain, and we don't want that. They're sharing different virtual IP addresses, virtual MAC addresses, different networks behind them, and so we don't want them all to share; we want two separate pairs, and this is again where the benefit of having groups comes into play.

So in HSRP version 1, I'll just clear that out because I got busy, in HSRP version 1 we get 256 groups. Sounds like a lot, right? It sounds plenty, alright. And yet HSRP version 2 gives us 4096. Now, holy smokes, Jeff, why? 256 was plenty, why are we going to 4096? There actually is a good reason for this, okay. Number 1: if I have a multilayer switch, and I think of how to draw this multilayer switch, I'm not great with my network symbols sometimes, if I have a multilayer switch and I'm running HSRP on an SVI, a switched virtual interface, this is a VLAN interface, and what do VLAN interfaces have? They have a VLAN ID. So maybe this is the VLAN 10 interface. So if I have the VLAN 10 interface and I'm going to
configure an HSRP group, what group ID do you think I'd like to use? There's no technical reason for picking any particular number; I could use HSRP group 17, I could use HSRP group 178, I mean I can use whatever HSRP group I want. But from a human perspective, from a readability and organizational perspective, I'm going to configure HSRP group 10, because that looks pretty, and in troubleshooting, I mean when you're troubleshooting a network and the network's down and people are screaming about getting it back online and you're frantically punching the keyboard, or other people who aren't familiar with this network, maybe consultants or Cisco TAC, they're hammering their keyboard and they're trying to fix a problem, this kind of organization helps, because we all kind of get this concept. So we want to align the HSRP group number with the VLAN ID. That sounds great; that might be why we have 256 groups in HSRP v1, because now, I mean, I don't need more than probably maybe eight, maybe sixteen. In fact, in early implementations of HSRP some routers you'll find only support 16 groups; that's just a software limitation, that and potentially hardware, it has nothing to do with the protocol. The protocol can support 256, and that sounds like plenty. But again, now I'm going to configure HSRP on my SVI, and this VLAN interface is 499, okay. That's fine, I mean VLANs can go all the way up to 4096. So I'm gonna configure what HSRP group? Ooh, I only have 256, I can only go 0 to 255, so I can't actually match VLAN 499. Like, maybe 99 is available and I could try to match that, or maybe I could call it 49 to match the first two digits, but I can't directly match 499. This is why with HSRP version 2 Cisco gave us 4096, so we can match whatever VLAN ID, because how many VLAN IDs are there? 4096. So if we have VLAN 499 I can have HSRP group 499; if I have VLAN 3692 I can have HSRP VLAN, or HSRP group, 3692, I don't even remember what I
said, but you get the point. All right, so the number of groups is different between HSRP version 1 and HSRP version 2, and for the ENCOR exam I would remember that. I mean there's a lot of facts around first hop redundancy protocols, and so I would not hesitate to spend a half an hour to an hour just memorizing this, among other things I'm going to mention here. Okay, next concept, change colors here. Next concept is priority. Okay, so we're on the same group, maybe we've configured group, what did we say over there, 10? So we've got group 10 on both interfaces, we've got this virtual IP address configured. By the way, the virtual IP address is the only thing you have to configure on an interface to activate an FHRP. So like HSRP for example, if I want to activate HSRP on an interface, all I have to do is get on there and type the word standby (because Cisco didn't use HSRP as the command, it's standby) and then optionally enter the group ID, otherwise it defaults to group 0, but probably standby 10 ip and then the virtual IP address. That's it. If I do that command on both routers on those interfaces, HSRP is active, they'll communicate with each other and you have yourself a redundant network. That's all you have to do, it's that one command, it's pretty awesome. But we like to tune things, we like to be in control. We don't know, for example, who's gonna be the primary, who's gonna be the secondary. Now, and this is again one of those memorization things, we do need to memorize the names, the types of primary and secondary. Hey Keith, thanks for stopping by, I should hope you love this shirt, I love this shirt, thanks again for sending that. Talking about FHRPs tonight, a little preview of the ENCOR content that's coming out here hopefully soon. So what we've got here is, I forgot what I was talking about, we're talking about who is the primary, okay, I remember now, because the names are important. In HSRP and Cisco land we call this active and standby, we do not call them
primary and secondary. For example, I like to use primary and secondary generically when talking about FHRPs, because guess what, as soon as we get to VRRP it becomes master/backup. So of course we can't ever just use Cisco's words, because we don't want to get, I guess, sued by Cisco, technically I don't know how exactly that works, but the assumption here is, you know, Cisco calls it active/standby, we're creating an industry-standard version, we don't want to call it the same thing. So active and standby are important, those are the Cisco verbs, terms, whatever, and we need to keep that in mind. So back to the original question: how do we determine the active versus the standby? Well, it's this concept of priority, and we talked about this, we've mentioned this a couple times in this study group. So if you haven't been part of this I'll repeat this. When it comes to priorities and elections and things like that, sometimes in networking the higher number wins, sometimes in networking the lower number wins, and it can be difficult, to say the least, to try to keep track of when it's higher and when it's lower. Here's the rule of thumb that I give to help with this situation, and keep in mind it's a rule, which means there are exceptions to every rule, right? So there will be exceptions to this, but I tell you what, keeping this rule in mind will help lay the foundation so that you can hopefully just remember the exceptions. Okay, so here's the rule: if it's a layer 3 protocol, the higher number wins; if it's a layer 2 protocol, the lower number wins. Again, I want to emphasize, is this always true? No, it's not always true, but in a lot of cases it is. So let's walk through a couple of those. Spanning tree protocol, layer 2 protocol, right? The lower bridge ID will win in a spanning tree election process. Multicast is interesting. Do you know there's a layer 3 element of multicast called PIM and a layer 2 element of multicast called IGMP? Well, when it comes to elections, the PIM DR, designated router,
the higher number wins, but the IGMP router is going to win the election if it has the lower IP address, and that's with intention, because they don't want the same router doing both functions, and it's just, you know, they split it up that way. We have OSPF priorities, right? OSPF DR, the higher number wins that. And yeah, we're talking about FHRPs, so FHRPs fit into this as well. I will tell you the one that always comes to my mind that breaks this, something that definitely does, is administrative distance, because with administrative distance the lower number wins, and, you know, the lower metrics, but that's because, well, it's because we're talking about distance and we want a lower distance, so this is sort of its own category at the same time, and that's a layer three concept and it does break this rule, but a lot of our elections, we can hopefully try to remember this. So when it comes to FHRPs and you're trying to remember, is it the higher priority or the lower priority? FHRPs, that's a layer three concept, and so the higher priority is going to win. Okay, so all that to say, the priority will determine who is the active and who is the standby. What's the tiebreaker? Because we might have the same priority; in fact in a lot of cases we do. The default priority is 100 and if I don't change it we're gonna have a tie in priority on both of those routers. Well, the tiebreaker will always be the IP address. Let's say that this is, what did we say earlier, dot two and dot three I believe we went with. So let's say we have dot 2 and dot 3 on these two routers, and so we're going to look at the physical IP address, not the virtual IP address, because they share that, so we'll get the physical IP address and see dot two, dot three. Okay, well dot three is going to win that election, and so technically as I have this written out it's backwards, because the standby is dot three and the active is dot two, but we can change, we can take control of
this. This is, we want the network as deterministic as possible. I want to know that this router is the primary or active, this router is the standby. I want to know that. Maybe it doesn't matter from a technical perspective, but we just want to know where our traffic is going, therefore we're going to set priority in order to force the issue. So a lot of times what we do is we set one router to be 110 and the other router, the other routers, to be 90, because that makes sure that the, you know, standby is always the standby, because it's less than the default, which is 100, and the active should always be the active at 110, as long as we're talking about comparing two routers that are attached that we keep at the default. So that's this concept of priority. I can set this priority, by the way, to be between 0 and 255, so we can go all the way up to the top of that number, we can go all the way to the bottom, either way, higher priority wins. Okay, so now we have our active, now we have our standby, and we're going to have to check, I suppose, to make sure that our active is still online. Well, this would be a familiar concept, it's used in routing protocols, and it's gonna be used in first hop redundancy protocols: we're going to have timers going back and forth. I say going back and forth, but, you know, really the active is sending these hellos and the standby is receiving those and processing. I'm thinking, okay, it does go back and forth actually, because the active does track the standby status as well. Either way, these timers by default are set to 3 seconds for the hello, and 10 seconds for the dead timer, or, I believe it's called the hold timer in HSRP. By default, this is just by default. So I'm supposed to be getting a hello packet every 3 seconds; if I don't get any packets in 10 seconds I'm going to assume that the other router is dead, and if I'm the standby that means I'm going to take over for the active. So this works in the scenario we described before, right? Like, okay,
this active router goes down and, you know, the standby has got to take over, but it will wait 10 seconds by default. Can we wait 10 seconds? It depends on your network, depends on whoever makes the decisions, they can decide that, right? I mean it's not always on the network tech. However, in modern networks we do like to change those timers, we like to tune them down. Again, we can go sub-second timers. In fact we can even leverage something called bidirectional forwarding detection. I'm not going to go into the details on BFD, but BFD is sort of, call it a generic way of tracking another router's state, and once you've established BFD relationships you can actually apply BFD settings to any routing protocol you want, any FHRP you want, any, with an asterisk, because I'm not sitting here promising that's gonna work with every single thing you can configure on a router. But what's nice about bidirectional forwarding detection is you can get down really, really granular, like I don't exactly know how many milliseconds, but it can go very, very, it's designed to go very, very fast. And so it sort of offloads; instead of saying I'm gonna rely on HSRP timers, I can actually rely on BFD instead of the HSRP timers to track if the other side goes down. And yeah, we can use BFD in OSPF and EIGRP and all kinds of other things, so that's definitely an option for us. Now, oh yeah, worth mentioning by the way, millisecond timers, so now we're not talking BFD, now we're talking about native HSRP: we have to have HSRP version 2. If we don't have HSRP version 2 we can't do millisecond timers. All right, I had that in my notes, so there's why I tossed it out there. Okay, last couple concepts here. So first of all I'll just mention this, we're not gonna go into detail: we can do authentication. Okay, so we can basically require a password, and yeah, we can do this in clear text, bad idea, and we can do it using an MD5 hash, that would be the good idea. So generally speaking just configure MD5. It equates to
a password. There's, you know, you can use a keychain, and we saw that when we did the EIGRP configuration a little while ago, but you can also just configure a string onto the interface, that's usually good enough. So yeah, we always recommend that we lock that down. I will say this: HSRP authentication is usually more about just an added layer of protection against accidental fat-finger configurations. So let's say you replace one of these routers at one point, you've got it on the shelf, it's a lab router, and somebody decides, oh, I'm gonna grab this router off the shelf and I'm going to attach it to the network and configure it, and they plug it in, and immediately, because it was the primary in the past, it takes over as primary and takes a whole network down, and that's not ideal. [Laughter] So having MD5 passwords, it's just another layer of security to make sure nobody accidentally joins our HSRP group. But certainly, you know, it's going to protect against the malicious situation too, where somebody actually does try to take over. You know, if you have a bad guy here that network-sniffs and sees HSRP traffic, he could technically decide, I'm going to join this HSRP group, I'm going to make all of these hosts send their traffic to me, and then I send all the traffic up to the active. It's called a man-in-the-middle attack. The user has no idea that there's a man in the middle; we're sending all of our traffic to the bad guy and the bad guy's sending it all onwards, so that we are none the wiser, and so maybe he's gleaning data from us by way of this man-in-the-middle attack. That's no bueno. So definitely configure authentication on your HSRP configurations. Last step is preemption. So this concept of preemption, let me make this drawing a little bit more clear, yeah, we'll just do that. Okay, so preemption. So let's say we have a priority of 110 here and a priority of 90 here, and so this is our active, good, and here's our standby, also good,
and then, wouldn't you know it, gee darn, this keeps happening, our primary goes down. So our primary router has gone down, our standby has now become the active, but lo and behold, you know, that router just hit a bug, it reloaded, it's back online not even five minutes later, and here we are with the router online touting, can I draw, yeah, all right, there we go, touting a 110 priority. So I've got this 110 priority and you've got a 90. What are we gonna do with this situation? Well, by default in HSRP, nothing happens. Okay, this is now the standby, because the active is already in place, there's no election to be had, because router two over there on the right already won the election. It is the active router, and because it's the active router, the router on the left, router one, is on standby, and in theory life is good, we don't need to do anything. However, like I mentioned before, networks, we like them to be deterministic, we like to know where our traffic is going. And so what if I want, when that router comes back online, to take over for that, well, call it the standby router, it's now active. We want to take over from router two. Okay, there we go, router two. So I want to take that back from router two. Well, this is this concept called preemption. So let me clear that off and we'll go back to purple. So now if I've got this preempt command configured, which again is not the default in HSRP, but we can configure it, with preemption enabled, what that means is now when I have the outage, so this goes down, we now have this router as the active, and then this router comes back online. Because I have a higher priority level, I'm able to take control back, because I've configured preempt, I can preempt the existing active router. So effectively what that looks like is this active router now becomes the standby again and this router's active state is restored. Now why would I not want to do this? Well, what if this link right here is flapping? So it's flapping, it goes up, it goes down, it
goes up, it goes down, when it goes up, it goes down. So it goes down, maybe it's every 30 seconds or so, goes up, or changes states. So after 30 seconds it comes back online, it preempts, it grabs control back from, you know, the other router, but then it goes down again. Okay, that introduces network instability, and we don't like network instability, we want network stability. And so we may have a situation where, you know, we don't necessarily want it to be able to preempt, because this router might be going up and down, you know, again we like deterministic networks, but I also like to be in control, and maybe I don't want it to come back up and immediately grab the active status again. So if I want to be in control then what I can do is I can wait until after hours, when nobody else is working or what have you, and I log in, I just do a shutdown on this interface, I just shut it down, let this one become the active, and then I do a no shut, and then it'll come up and it will put itself into a standby state. Okay, so I can manually do it, or I can have it preempt. I tell you what, I mean I see a lot of preempt, it's not a bad thing by any stretch, it's simply being aware of what's happening on the back end and the potential problems that it could cause. Okay, so yeah, we might not get to configuration tonight, 54, holy smokes. All right, so that is HSRP. If you have any questions on HSRP, type them into the chat, I'll be sure to answer those to the best of my ability. Meanwhile we're going to move on to VRRP, and this one, and this one, all right, here we go, VRRP. All right, so having understood, now that we understand HSRP, VRRP is largely just knowing the differences. So when I'm looking at VRRP the first biggest thing I need to know, I've already mentioned it, it's an industry standard. This is not Cisco proprietary; any router in the world could deploy VRRP, it's all good. If this shows up on a Cisco exam and it's asking you something about which protocol would you use, VRRP would be it if it's asking for an
industry standard, keeping in mind that HSRP version 1, HSRP version 2 and GLBP are all Cisco proprietary. You cannot run those unless you are a Cisco router, so if you don't have a Cisco network, you find yourself working on one and you need a first hop redundancy protocol, guess what, VRRP is your only option, so you're gonna go roll with it. Now we mentioned this already as well: we are not active/standby, we are master/backup. Okay, the words change, we need to be aware of that as much as anything, because we might get asked it on a Cisco test, who knows, but at least, you know, if you're looking at it on a network and you're doing a show vrrp command, you should expect to see master and backup instead of active and standby. Okay, interestingly, this is kind of an interesting one. Remember we talked about those priority values? So the same concept applies, it's the highest priority, highest IP address is the tiebreaker, but HSRP you can configure between 0 and 255. I don't know why this is, but VRRP, it has to be between 1 and 254, so we've lost 0, we've lost 255 as options. I suspect it's just Cisco was like, hey, we've got 256 numbers, use them all, and VRRP was probably like, you know what, let's reserve the first and the last, because that's what we do in networking, we reserve the first number in a sequence, we reserve the last number in a sequence, so that's what it did. All right, here's the interesting, probably the most interesting component of VRRP and the most compelling reason, if you're gonna sit back and say, okay Jeff, if I have a Cisco network what protocol should I use, and more often than not if you're on an all-Cisco network you're probably gonna go with HSRP, but there is one compelling reason why you might want to go with VRRP over HSRP, and it is this. When we talk about virtual IP addresses, let's say we're dot 2 here on the master, dot 3 here on the backup, we're talking about virtual IP addresses. With Cisco we have to have a third number, so dot 1, and indeed with VRRP we can also
do dot one as the virtual IP address, right, for IP addresses, dot one. VRRP allows us to actually use the physical IP address of one of the routers. So vrrp ip and then I can enter the dot 2 address, that would be the command. So if I'm making the router's physical IP address be the virtual IP address, that has a pretty big implication, two big implications. Okay, the first one of which is we saved an IP address. How much does that matter? Well, on a network like this that I've just drawn, it doesn't add up to a whole lot, because this is probably a /24 network, 254 usable addresses, and now I went from, you know, consuming three of those for my routers to consuming two of those for my routers. Okay, so I took my 251 back up to 252, big whoop-de-doo, not usually very important. This can be really important when you have some situation like this, where I have two routers attached to a service provider router, maybe an internet router, and this is a slash twenty-nine. Well, if this is a slash twenty-nine environment, a lot of times what that means is I'm consuming dot one here, dot two here, dot three here. Slash twenty-nine is eight addresses but only six usable, and so I'm already consuming three of them just with my routers. To use a fourth for HSRP, that's gonna stink, because I'm using 33% of my remaining addresses. I use three of my six, I've only got three left, I'm gonna use one of them for HSRP. So VRRP is a great solution for that scenario. We're saying, you know what, I need to reserve that address, I'm trying to do NATting, or I'm trying to, you know, throw other devices on this DMZ network, or whatever the situation is. Be aware VRRP will save you an address. All right, so if we do have applications with VRRP, no doubt that's the biggest one. So that's the, I called it an implication, it's not really an implication, it's more of like a benefit to VRRP. The implication is this: we can't have duplicate IP addresses on our network. So if dot two is my virtual
IP address and this router right here wins the election, so this router is managing dot two, well, what happens to this physical address over here? It's a duplicate IP address. I can't get rid of dot two, I can't shut it down. So what's the solution to this? Well, the solution is don't let that other router win the election. All right, this might be why we can't use 255. I don't know why I can't use 0, but I think it's why we can't use 255. Now I think about it, when we apply IP address dot 2 to the master in this case, or dot 2 as well, when we apply the physical IP address as the virtual IP address, we're going to automatically configure a priority of 255. And I say automatically, I mean the router does it, okay, Jeff doesn't have to do it. As soon as I configure that it applies itself, it gives it the highest possible priority, so it cannot lose an election. Because it cannot lose an election it's always going to be the master, and by the way, that means if it comes back, like let's say it goes down and dot 2 is over here and it comes back online, well, we're gonna have preemption forcibly enabled as well, because when it comes back online it has to own dot 2. So again, the implication, it makes sense: the master's physical IP address, if it's also the virtual address, oh, I shouldn't say it like that, if a router's physical address is the virtual address that's shared among many routers, the router that owns the physical address has to be the master when that router is online. I hope that makes sense, I hope that was clear, if not, chime in to the chat and ask away. Okay, interestingly, by the way, as we wrap up VRRP, because, you know, we don't spend as much time on VRRP because it's just HSRP with differences, VRRP does have preemption enabled by default. Okay, HSRP preemption is disabled by default, you have to explicitly enable it. With VRRP, if you don't want it to preempt you've got to say no preempt. Okay, so saying that it automatically enables it on the master, technically it was already enabled unless you disabled it, at which point it
will enable it, because, yeah, again, that router, once it's online, must be the master. Okay, whew, VRRP. We're on to GLBP. I tell you what, if you've been hanging out with us and you're like, I already know HSRP or VRRP but I'm gonna hang out, this might be why you've been hanging out, because GLBP is just a protocol that we don't have a ton of experience with, because very few people use it, and so I kid that we just aren't as comfortable, generally speaking, with GLBP. All right, in order to discuss GLBP we need a few more routers, so let's go ahead and get those colored in here, and there we go. So let's say we've got, and that's getting sloppy, come on Jeff, make it look nice. I have no idea if that looks nicer but in my mind it is. All right, so now we've got four routers on this network and we've got some kind of common network uplink, I don't know, it doesn't really matter what's upstream, honestly. GLBP is called the global load balancing protocol, and it's interesting because with HSRP and VRRP, first of all, we only support two routers in the active and standby state. All right, just to kind of cover HSRP real quick, in this scenario we'd have an active router, we'd have a standby router, and we'd have two listening routers. The listening routers, they just can't get into a standby state because there's no room. We have an active, we have a standby, and so I'm just left out in the dust, I don't do anything. Okay, so, you know, the only thing they can do is, if the standby happens to go down then one of these will become a standby router, right? I mean that's why they're listening, because you just never know what's gonna happen. If the active goes down the standby will become the active and one of the listeners will also become the standby. It makes sense. So all of my traffic with HSRP is going out the active router. So even if I only have two, forget these two for a moment, even if I only have two routers, I'm not taking advantage of both of them, I'm only
sending all of my traffic out one of those routers. Now we can work around this, here's a clever idea: what if these are layer 3 switches, or they could be routers with subinterfaces, and this, I got rid of my green, let me go back to my green, this lets us, call this, there we go, VLAN 100, and then let's say I have VLAN 200, so these routers are on a separate network segment. I know it's a little confusing to try to draw it with different colors, and this is VLAN 200, I covered it up, VLAN 200, all right, there we go. Is there any reason not to use GLBP? That is the question of the hour, and I love that question. Any reason not to use GLBP? Mostly complexity and troubleshooting. People don't like it because they don't know it, and I will say this, there is zero reason to use GLBP if you only have, well, you gotta be careful with that, let me finish this explanation, we'll come back to that. Okay, so we've got, where were we going with this, oh yeah, so this is HSRP. If I have HSRP and I am load balancing between VLANs 100 and 200, I might have the active and standby be what's in blue for VLAN 100, but for VLAN 200 I've got this router as the active and this router on the left is the standby. So I can load balance my traffic with HSRP, I just have to do it cleverly, I have to do it on a per-network basis, and that works great as long as I've got multiple VLANs. So keep in mind some of the scenarios that we drew up here in the corner, remember some of these internet edge scenarios, whatever the situation is, maybe with four routers, maybe we have three routers, in those situations we only have one VLAN, and so GLBP might be a good fit for this if indeed I want to load balance between my routers, I don't want all the traffic flowing through one router at a time. Now again, if everything is a gig link and my internet circuit through the whole thing is 100 meg or 250 meg or something like that, everything is a gig, sending it all through one router isn't the end of the world, it just feels wrong, yeah, I guess.
So this is why GLBP is so seldom used, because I can load balance in many situations with just HSRP, I just have to change the active and standby configurations on a per-VLAN basis, that's what I have to do in order to load balance, I just have to get clever like I mentioned. All right, so back to GLBP. What GLBP enables me to do is, if you can't tell by the way so far, it's probably pretty clear at this point what we're about to say, GLBP allows me to load balance across all of these routers. Now I drew it all with one PC there, but let's assume there's lots of PCs here. Okay, I can load balance my network, all of my devices on a single VLAN, across any of these routers. I can have up to four of them, which is why I drew four, but you could do this with two or three, you could even do it with five, but the fifth isn't going to participate in the load balancing, it's going to sit there in the listen state. So the way this works is we have two states we have to be concerned with. We have the active virtual gateway, AVG, and that equates to the active state in HSRP, it is the router that's in charge, and then we have active virtual forwarders, active virtual forwarders, or AVFs. This is where we can have up to four of these: AVF, AVF, AVF, AVF. So the active virtual forwarders are the ones that are capable of receiving traffic from the network and sending it upstream. These AVFs are running virtual MAC addresses, each one has its own virtual MAC address, so that's important, every AVF has its own virtual MAC address. And the AVG does all of the responsibilities that we've spoken about as far as the active is concerned, so the biggest thing it's responsible for is sending those ARP replies, sending these ARP responses. The active virtual gateway, the AVG, is able to control on a per-laptop basis, or rather a per-host basis, right, whatever devices are attached to this network, the AVG is able to tell it which AVF to go out.
It either sends it the first AVF's MAC address or it sends it the second AVF's MAC address. We're talking about virtual MAC addresses here, so keep that in mind too. So we kind of have vMAC one here, we have vMAC two, vMAC three, vMAC four. So if I want to load balance this round-robin, which is the default setting, my AVG is going to alternate round-robin with which virtual MAC it's responding with. So a host comes online, the host ARPs for the default gateway, the AVG is going to respond with, let's say, virtual MAC address one. Then the next PC ARPs for it and the AVG responds to that with virtual MAC address two. And then another PC, same thing, ARP request, ARP response comes back, virtual MAC address three. Fourth machine fires up, does an ARP request, ARP response is virtual MAC address four. What that results in is we have four different PCs, or four different laptops, and they're using four different gateways. So imagine a network with a thousand hosts, we could have 250 on every single active virtual forwarder. Now there are different ways we can load balance. We can load balance round-robin, again that's the default. We can round-robin with this concept of weight, and if we do the weighted version then it's kind of like round-robin except I can control the balance. So I could, for example, say that this host here on the right gets twice as much, for whatever reason, than the other routers, maybe it's got a fatter upstream pipe. I mean that's what it's designed for, right, is, you know, my internet service provider gave me a hundred meg circuit here and they gave me several backup ten meg circuits, well, maybe I want 10 times the amount of traffic to go out that router, so I would configure the weighted version of load balancing, and, you know, the vast majority of my traffic is going out that one router and the rest is getting load balanced with the other three routers. All right, and oh yeah, and so the third way, by the way, so we've got
round-robin, we've got weighted, these are the different types of load balancing, and we also have, what's it called, host dependent. I think I've got it in my notes, what's it called, is it host, do-do-do-do-do, GLBP, but, uh, yes, this is host dependent, never doubt, host dependent. Host dependent effectively says I'm gonna run a hash on your MAC address, Mr. Host. So you sent me an ARP request, I look at your MAC address, I run a hash, and based on that hash I either get a one, two, three or four, or something like that. If I get a one I give you virtual MAC address one, if I get a two I give you vMAC two, and the reason why, so it's basically round-robin in a way, it's not round-robin in a way, what the goal of host dependent is, is to make sure that you as a host always use the same gateway no matter what. So if you log into the network and you're there for a little while and then log out of the network and then later on you log back into the network and you do another ARP request, you're gonna get the exact same gateway in that situation. And so, you know, I don't have any specific applications to say why you'd use this, but, you know, I'd go with round-robin or weighted, but it's an option, Cisco gave it to us as an option. So one important note in all of this, by the way, is that if one of these active virtual forwarders goes down, one of the other active virtual forwarders will pick that virtual MAC address up and run with it, so we do still have redundancy from that perspective. What if the AVG goes down? Well, the AVG uses these tried and true, we're familiar with this at this point, we've got priority, we've got preempt. Okay, the AVG truly equates to this active role in HSRP from that perspective, it's doing the ARP responses, it has the highest priority, it won the election, it has preempt configured. So that's the concept of active virtual gateway, active virtual forwarders. I believe it's just the first four that
show up. So it will assign itself as an active virtual forwarder and then from there the next three devices that show up will be active virtual forwarders as well. There is no election among the active virtual forwarders, to my understanding. Okay, so Papa, to your question, it's a good question, why not use GLBP always? Well, if you have two routers, and I think the best way to explain it, I'm just gonna stand by what I said before, it's fine, yeah, you could deploy it every time, you could absolutely deploy it every time. The problem is only around complexity and familiarity. Most network techs are very comfortable with HSRP and VRRP, I should say, or HSRP or VRRP, and so they just want to deploy what's simple: I've only got two routers, I don't need GLBP to load balance. And I will say this, if you don't have a reason to need to load balance there's not even really a strong reason to do it. Routers are pretty powerful these days and, like I said, we've got a lot of situations where we have a gig pipe, you know, to the network and then we've got like 10 meg upstream, and so, like, I've got plenty of bandwidth, I can handle this, you know, the router is not gonna get bogged down. GLBP was certainly invented in a time when routers could easily get bogged down, and so that's the primary reason it was built. I think that the primary application for GLBP is going to be, number one, sure, this rare situation where you have four routers or three routers. This doesn't happen very often. The only thing I can really, I know at service providers you could see this happen every now and again, but at a service provider we're not usually using first hop redundancy protocols. But I've seen the internet edge where you've got like three routers going out to three different service providers, I have seen that, and the problem with GLBP, again it's a good question because it's making me think too, the problem with GLBP in that scenario is you usually run BGP at the edge, and BGP gives
you very intelligent like hey that router is closer to Google than that router according to BGP so you want your edge routers to be able to decide to send to Google via the router that's closest to Google into Cisco comm the router that's close to Cisco calm if you're using GL BP in that scenario it'll work and you'll load bounce you can even weight it according to the different internet bandwidth but now you know your load balancing by bandwidth and your not load balancing by internet for lack of better words you're not sending stuff to one website the closest way to that website so even of those situations you usually use BGP instead of GL BP so I think it's like I think in the end I can't get away from the idea that's just it's just more complicated if people don't like complexity and understandably it's harder to troubleshoot when a network is having problems and so don't introduce the complexity unless you have an extremely compelling reason to do so so if you have an extremely compelling reason to do so then use GL BP but if the question is well I've got to start people running could I use GL BP instead the answer is yeah you absolutely could one thing to be aware of I didn't mention it I should have GL BP only has 1024 groups so I'd be aware of that limitation it's mostly because it's mostly that VLAN ID issue so like you have VLAN 1500 you couldn't apply LBP group 1500 that's more of a nuance that's not really a reason not to use it there's something to be aware of all right a very good question all right well that was a lot in an hour and 20 minutes we did not get to the lab but that's okay I think that this is a lot to digest and we'll give you something to think about tonight so I want to thank everybody for coming tonight I I guess called this news I was supposed to be at Cisco Deb net create next week and I was really looking forward to that too by the way an Cisco Mayday I think it's the right call they decided to cancel the conference due to health 
concerns everything that's going on out there today in this moment we've got some health concerns worldwide and so they decide to cancel that conference so I will not be here next week I'm sorry I will be back home I will be home next week but because the schedule we've already scheduled out to say we're gonna take a break next week I'll have a free night but I'm not sure what I'm gonna do with it so well we'll figure that out just find something to do with the family so everybody enjoy a study break next week we're off next week that would be March 10th we will be back March 17th I'm excited to come back on March 17th because again we're delving a little bit more into the encore content and March 17th is going to be about network architecture and so when you look at the Encore blueprint section one you see network architecture we're gonna be talking a little bit about network architecture there so be sure to come by in two weeks and talk network architecture if that is something that interests you so again thank you very much everybody for hanging out appreciate that if you have any thoughts or questions be sure to hit me up on Twitter at kiss squared for that matter if you have any suggestions for like what you'd like to see covered hit me up there in the meantime I'll see you next time have a good night everybody [Music] [Applause] [Music] [Music] you
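Added illustration (not part of the session or its lab) of the GLBP behaviour discussed above: one AVG elected by priority with the highest IP as tie-breaker, forwarder roles handed to the first four gateways to join, round-robin hand-out of forwarders to hosts, and the 0-1023 group-number limit that keeps a VLAN 1500 from mapping to GLBP group 1500. The gateway addresses and priorities are constructed sample values.

```python
"""Toy model of GLBP role assignment (added example, not from the talk)."""
from dataclasses import dataclass, field
from ipaddress import IPv4Address

MAX_AVF = 4        # GLBP supports at most four active virtual forwarders per group
MAX_GROUP = 1023   # group numbers run 0-1023, so a VLAN ID above 1023 cannot map 1:1


@dataclass
class Gateway:
    ip: str
    priority: int = 100   # IOS default GLBP priority


@dataclass
class GlbpGroup:
    group: int
    members: list = field(default_factory=list)   # kept in join order
    _rr: int = 0                                   # round-robin cursor

    def __post_init__(self):
        if not 0 <= self.group <= MAX_GROUP:
            raise ValueError(f"GLBP group {self.group} outside 0-{MAX_GROUP}")

    def join(self, gw: Gateway) -> None:
        self.members.append(gw)

    def avg(self) -> Gateway:
        # Active virtual gateway: highest priority, tie broken by highest IP
        return max(self.members, key=lambda g: (g.priority, IPv4Address(g.ip)))

    def avfs(self) -> list:
        # The first four gateways to appear take forwarder roles; no election
        # happens among them, and any later joiner is a backup only.
        return self.members[:MAX_AVF]

    def next_forwarder(self) -> Gateway:
        # Default round-robin: the AVG answers each new host ARP with the
        # virtual MAC of the next AVF in turn, so hosts spread across gateways.
        avfs = self.avfs()
        gw = avfs[self._rr % len(avfs)]
        self._rr += 1
        return gw


def vlan_group_ok(vlan_id: int) -> bool:
    """True when a VLAN ID can be reused unchanged as its GLBP group number."""
    return 0 <= vlan_id <= MAX_GROUP
```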
Info
Channel: KishSquared
Views: 319
Rating: 5 out of 5
Keywords: encor, hsrp, vrrp, glbp, ccnp
Id: 91dHAwlmBEc
Length: 82min 59sec (4979 seconds)
Published: Fri Mar 20 2020