CCIE R&S Advanced Technologies Class v4.5

Transcript

1	Introduction	0h 43m
2	Using the Cisco Documentation	0h 52m
3	Ethernet Overview, Layer 2 Switchports, Trunking, ISL, 802.1q, DTP	0h 47m
4	VTP, VTP Authentication, VTP Pruning	1h 02m
5	VTP Prune Eligible List, VTP Transparent, VTP Troubleshooting, Trunk Allowed List, Extended VLANs	0h 48m
6	VLAN and VTP Review	0h 19m
7	SVIs, Native Routed Interfaces, Router-on-a-Stick	0h 46m
8	Layer 2 EtherChannel, EtherChannel Load Balancing, Layer 3 EtherChannel	0h 57m
9	802.1q Tunneling, Layer 2 Protocol Tunneling, EtherChannel over 802.1q Tunneling	1h 03m
10	STP Root Bridge Election, STP Root Port Election, STP Designated Port Election, STP Priority, STP Cost, STP Port-Priority	1h 46m
11	STP Review	0h 12m
12	STP Timers, STP PortFast	0h 34m
13	STP UplinkFast	0h 11m
14	STP BackboneFast	0h 12m
15	STP BPDU Filter	0h 13m
16	STP BPDU Guard	0h 11m
17	STP Root Guard	0h 11m
18	STP Loop Guard, Unidirectional Link Detection (UDLD)	0h 11m
19	Multiple Spanning-Tree Protocol (MST)	0h 40m
20	Rapid Spanning-Tree Protocol (RSTP), Rapid-PVST	0h 18m
21	MST with Multiple Regions	0h 33m
22	Flex Links	0h 16m
23	Frame Relay	0h 39m
24	Frame Relay Configuration Part 1	0h 34m
25	Frame Relay Configuration Part 2	0h 41m
26	Frame Relay Switching	0h 27m
27	Back-to-Back Frame Relay	0h 08m
28	Frame-Relay End-to-End Keepalives	0h 18m
29	PPP, PPP PAP Authentication, PPP CHAP Authentication	0h 59m
30	PPPoFR, PPPoE	0h 40m
31	Transparent Bridging, IRB	0h 32m
32	Fallback Bridging	0h 14m
33	IP Routing Overview, Switching Paths, Static Routing	0h 42m
34	Static Routing Examples	0h 25m
35	IP Default-Gateway, IP Default-Network	0h 14m
36	On-Demand Routing (ODR)	0h 07m
37	Floating Static Routes	0h 10m
38	Backup Interface	0h 29m
39	Enhanced Object Tracking, IP SLA, Reliable Static Routing	0h 21m
40	Policy Routing	0h 43m
41	GRE Tunneling, GRE Recursive Routing Errors	0h 27m
42	Reliable Backup Interface with GRE	0h 25m
43	RIP Overview, RIP Versions, RIP Auto-Summary	0h 48m
44	RIP Split-Horizon, RIP Timers	0h 22m
45	RIP Broadcast Updates, IP Directed Broadcast, IP Broadcast-Address, Smurf Attacks, Fraggle Attacks	0h 16m
46	RIP Unicast Updates	0h 03m
47	RIP Offset-List	0h 18m
48	RIP Authentication	0h 11m
49	RIP Summarization	0h 10m
50	Prefix-Lists, RIP Distribute-List Filtering, RIP Administrative Distance Filtering	0h 48m
51	RIP Default Routing, RIP Conditional Default Routing	0h 18m
52	RIP Triggered, RIP Validate Update Source,	0h 12m
53	EIGRP Overview	0h 29m
54	EIGRP Auto-Summary	0h 07m
55	EIGRP Split-Horizon	0h 11m
56	EIGRP Update Types, EIGRP Neighbor, EIGRP Passive-Interface	0h 24m
57	EIGRP Hello-Interval, EIGRP Hold-Time	0h 05m
58	EIGRP Authentication	0h 11m
59	EIGRP Time Based Authentication	0h 25m
60	EIGRP Path Selection, EIGRP Metric Weights, EIGRP Traffic Engineering	0h 47m
61	EIGRP Unequal Cost Load Balancing, EIGRP Variance	0h 19m
62	EIGRP QUERY, EIGRP Summarization, EIGRP Leak-Map	0h 28m
63	EIGRP Stub Router Advertisement	0h 22m
64	EIGRP Default Routing	0h 13m
65	EIGRP Route Filtering	0h 11m
66	EIGRP Router-ID	0h 07m
67	Miscellaneous EIGRP Features	0h 02m
68	OSPF Overview	0h 27m
69	Establishing OSPF Adjacencies, Understanding the OSPF Database	0h 43m
70	OSPF Network Type Broadcast, OSPF DR/BDR Election, OSPF over NBMA, OSPF Network Type Non-Broadcast and Point-to-Multipoint	0h 56m
71	OSPF Network Type Point-to-Point, OSPF Network Type Mismatch	0h 13m
72	OSPF Network Type Point-to-Multipoint Non-Broadcast, OSPF Per Neighbor Cost	0h 17m
73	OSPF Network Type Loopback	0h 02m
74	OSPF Path Selection	0h 27m
75	OSPF Convergence Timers	0h 09m
76	OSPF Authentication	0h 12m
77	OSPF Summarization	0h 32m
78	OSPF Stub Areas, OSPF Totally Stubby Areas, OSPF NSSAs, OSPF Totally NSSAs	0h 40m
79	Controlling OSPF NSSA Redistribution	0h 02m
80	OSPF Type 7 to 5 Translator Election, OSPF LSA Type 3 Filter, OSPF Forwarding Address Suppression	0h 24m
81	Route Redistribution Overview	0h 36m
82	Route Redistribution Configuration & Verification, Connected Redistribution	0h 22m
83	OSPF External Path Selection, TCL PING Scripting	0h 33m
84	Routing Loops Overview, EIGRP Route Loop Prevention	0h 55m
85	Metric Based Routing Loops, Route Tagging	0h 46m
86	Administrative Distance Based Routing Loops, Debug IP Routing, IP Route Profile	0h 58m
87	BGP Overview, BGP Peering Types	0h 51m
88	Establishing BGP Peerings, EBGP Multihop, BGP Neighbor Disable Connected Check, BGP TTL Security	0h 49m
89	BGP 4-Byte ASNs	0h 20m
90	BGP Local AS, BGP Peer Groups	0h 30m
91	BGP Next-Hop Self, BGP Next-Hop Processing	0h 30m
92	BGP Route Reflectors	0h 37m
93	Large Scale BGP Route Reflectors with Clusters	0h 34m
94	BGP Confederation	0h 37m
95	BGP NLRI Advertisements, BGP Network Statement, BGP Redistribution	0h 43m
96	BGP Aggregation, BGP Aggregation & Summary-Only, BGP Aggregation & Unsuppress-Map	0h 46m
97	BGP Origin, BGP Aggregation & AS-Set, BGP Aggregation & Advertise-Map	0h 22m
98	BGP Conditional Route Injection	0h 21m
99	BGP Bestpath Selection, BGP Multipath, BGP Weight	0h 53m
100	BGP Local Preference, BGP Local Preference and Communities, BGP AS-Path Prepending,	0h 30m
101	BGP MED, BGP MED Missing As Worst, BGP Deterministic MED	0h 17m
102	BGP Communites, BGP Regular Expressions	0h 43m
103	BGP Filtering, BGP Convergence Timers, BGP Default Routing, Miscellaneous BGP Features	0h 24m
104	MPLS Overview, MPLS Label Distribution Protocol (LDP)	1h 05m
105	MPLS Tunnels, MPLS Penultimate Hop Popping (PHP)	0h 40m
106	MPLS Layer 3 VPNs Overview, VRF Lite	0h 36m
107	MPLS Layer 3 VPNs and VPNv4 BGP	1h 08m
108	MPLS Layer 3 VPN Verification & Troubleshooting	0h 49m
109	MPLS Layer 3 VPN OSPF PE-CE Routing Overview	0h 06m
110	MPLS Layer 3 VPN OSPF PE-CE Routing Path Selection & Sham-Links	2h 01m
111	MPLS Layer 3 VPN OSPF PE-CE Routing Loop Prevention & Down-Bit, OSPF Capability VRF-Lite	0h 40m
112	IPv6 Overview, IPv6 ICMPv6 ND, IPv6 over NBMA	0h 44m
113	IPv6 Routing Overview, IPv6 Static Routing	0h 28m
114	IPv6 RIPng	0h 20m
115	IPv6 EIGRPv6	0h 09m
116	IPv6 OSPFv3	0h 31m
117	MP-BGP for IPv6	0h 26m
118	IPv6 Tunneling	1h 13m
119	Multicast Overview, IGMP	0h 34m
120	PIM Overview	0h 18m
121	PIM Dense Mode	1h 03m
122	PIM Sparse Mode	0h 30m
123	PIM Sparse Mode Configuration	0h 36m
124	PIM Sparse Mode RPF & RP Troubleshooting	0h 27m
125	Auto-RP, Multicast over GRE Tunnels	0h 53m
126	Bootstrap Router (BSR), Bidirectional PIM, Source Specific Multicast (SSM)	0h 40m
127	MSDP, Anycast RP	0h 27m
128	IPv6 Multicast Routing	0h 24m
129	QoS Overview, IntServ QoS, DiffServ QoS, IP Precedence, DSCP, MQC, HQF	0h 41m
130	MQC Classification	0h 44m
131	FIFO, FQ, WFQ, CBWFQ, HQF	0h 50m
132	LLQ	0h 23m
133	WRED	0h 31m
134	Traffic Shaping, Traffic Policing	0h 40m
135	Frame Relay Traffic Shaping (FRTS)	0h 33m
136	RSVP	0h 07m
137	Catalyst 3560 QoS	1h 00m
138	IOS Security Overview, Access Lists (ACLs)	0h 58m
139	Time Based ACLs, Dynamic ACLs	0h 33m
140	Reflexive ACLs	0h 21m
141	TCP Intercept, Content Based Access Control (CBAC)	0h 34m
142	Zone Based Policy Firewall (ZBPF)	1h 09m
143	AAA, Local Authentication, Local Authorization, Role Based CLI Access	0h 43m
144	Port Security, Static CAM Entries, Storm Control, 802.1X Authentication, PACLs, RACLs, VLAN Access Maps (VACLs)	0h 48m
145	DHCP Snooping, Dynamic ARP Inspection (DAI), IP Source Guard	0h 12m
146	Protected Ports, Private VLANs	0h 25m
147	IP Services Overview, HSRP	1h 10m
148	VRRP, GLBP	0h 28m
149	NAT	0h 42m
150	DHCP, DNS	0h 30m
151	NetFlow	0h 09m
152	WCCP, Miscellaneous IP Services	0h 06m
153	System Management Overview, NTP, NTP Authentication	0h 24m
154	SNMP, RMON	0h 38m
155	Syslog, Telnet, SSH, Banners	0h 21m
156	EEM Scripting, Miscellaneous System Management	0h 26m
Total Duration		81h 42m

Slides - Diagrams

Slides - Introduction

Slides - Ethernet Switching

Slides - Advanced Ethernet Switching

Slides - Frame Relay

Slides - PPP

Slides - Transport Bridging

Slides - Redistribution

Slides - IOS Security

Slides - Layer 2 Security

Slides - IP Services

Slides - System Management

0:00:13	In our next section we're going to look at the other two first
0:00:16	hop redundancy protocols which are VRRP and GLBP
0:00:21	and essentially VRRP's functionality maps almost
0:00:24	identically one to one with HSRP. The main difference
0:00:29	being that this is an open standard based on RFC
0:00:32	5798 which we can see is for both IP version 4
0:00:36	and IP version 6
0:00:39	and we are using the terms master and backup
0:00:42	as opposed to primary and standby.
0:00:46	Now syntax wise, VRRP GLBP and HSRP are almost
0:00:50	identical where HSRP is using the standby command
0:00:54	VRRP is going to use the VRRP command
0:00:57	and GLBP is going to use the GLBP command.
0:01:01	We'll see that you can take the configuration of
0:01:04	one feature and map it almost identically to another
0:01:07	feature as long as you swap out the standby command
0:01:10	with VRRP or GLBP.
0:01:14	Some of the other key differences are that
0:01:16	VRRP is preemptive by default where HSRP is
0:01:20	not, so this means that if we are doing any type of
0:01:24	interface or enhanced object tracking and we want to choose
0:01:28	which is the master router as opposed to the active
0:01:31	based on the priority, then whoever has the
0:01:34	higher priority value is automatically going to
0:01:36	be elected. With HSRP we need to manually enable
0:01:40	preemption on whatever device we want to take over
0:01:44	the active status. Additionally the virtual
0:01:47	Mac address is going to use a different format, but just like
0:01:50	HSRP, the group number is going to be encoded
0:01:54	in the Mac address.
0:01:56	So for load balancing of the VRRP, we would have
0:01:59	multiple groups on the interface where some hosts are defaulting
0:02:03	to the virtual address of one group where other hosts
0:02:07	are defaulting to the virtual address of other groups.
0:02:10	So let's take a look at the command line configuration
0:02:13	here where we're going to take essentially identically what we had
0:02:17	on Router 4 and 6
0:02:19	with HSRP and we'll configure this instead
0:02:23	with VRRP.
0:02:25	So to start on Router 4, I'm going to remove our current
0:02:28	configuration. On Fast Ethernet 0/1 I'll say no standby 0
0:02:33	and no standby 1
0:02:38	which should remove all of my options
0:02:41	which it has and we're going to replace this with the
0:02:43	VRRP configuration. On Router 4 we'll say now instead
0:02:48	vrrp 1
0:02:53	The IP is 155.28.146.254
0:03:03	The VRR 1 -- vrrp 1 priority
0:03:09	will be 254
0:03:13	and we'll leave everything else as the default for now.
0:03:16	So on Router 6, we'll do the same thing.
0:03:20	On Fast Ethernet 0/0.146
0:03:24	no standby 1
0:03:28	instead we'll say vrrp 1
0:03:32	We see Router 6 is changing to the backup status
0:03:35	because Router 4 has the higher priority value
0:03:38	that I configured
0:03:39	if we look at now the show vrrp
0:03:43	as opposed to the show standby, Router 6 says that
0:03:46	it is the backup router.
0:03:50	This is the virtual address we've configured.
0:03:53	The virtual Mac address is 0000.5e00.0101
0:03:59	so again, where the last byte is encoding the group identifier.
0:04:03	Preemption is on by default, priority is still 100 by default
0:04:11	The master advertisement interval is one second
0:04:14	where the down interval is three seconds, so the default
0:04:17	timers are a little bit faster here, but again typically you would want
0:04:21	to rely on BFD, your Bidirectional Forwarding Detection
0:04:26	and not your Layer 3 keepalives
0:04:30	because it's generally going to take more CPU cycles
0:04:33	in the control plane to do keepalives that are for
0:04:36	VRRP or OSPF or BGP
0:04:39	those type of higher layer protocols as opposed to just
0:04:43	doing the light weight Layer 2 check
0:04:45	which is what BFD is designed to do.
0:04:50	If we look at the end result of this, from the end host it's
0:04:52	going to be completely transparent from them
0:04:55	where as we trace to 112.0.0.1
0:04:57	we can see the traffic is forwarding out to Router 4
0:05:02	If Router 4's link directly goes down
0:05:08	so this is the interface that we're actually running VRRP on
0:05:11	we should see that Router 6 promotes itself to the master
0:05:14	status and now the traffic is transparently redirected to them.
0:05:21	On Router 1, if we look at the show arp
0:05:26	and the virtual address is still going to point to that same
0:05:29	virtual Mac address regardless of who is servicing it.
0:05:32	The key being is that the master router just like the active router
0:05:36	in HSRP is the one that is it is going to send the
0:05:39	arp replies for any request and the gratuitous arps
0:05:44	which is the unsolicited reply to update both the CAM table
0:05:47	and the arp cache of the devices on the segment.
0:05:50	Now on Router 6 if we look at the debug IP packet
0:05:54	detail using access list 101
0:05:57	where again, access list 101 is saying not eigrp and not bgp
0:06:03	The difference between HSRP and VRRP from a transport
0:06:07	point of view is that we have a dedicated IP protocol
0:06:11	number which is 112 and we have a dedicated
0:06:16	multicast address which is 224.0.0.18
0:06:19	so beyond the differences from the packet level
0:06:23	format where obviously we can't run HSRP on one
0:06:26	side and VRRP on the other side because they're
0:06:28	two different protocols. The functional difference is going to be
0:06:31	pretty much the same.
0:06:34	Where from a design point of view, you would probably want to
0:06:36	choose VRRP over GLBP
0:06:39	just in case in the future you need to do any sort of
0:06:42	vendor interoperability since VRRP is the open standard
0:06:46	then generally most of the time it's going to be better to
0:06:49	go towards the standard's protocols as opposed to the
0:06:53	the vendor proprietary ones.
0:06:57	Now when we look at the next iteration which is through GLBP
0:07:02	The advantage of using this one is that we can do
0:07:06	multiple active routers at the same time
0:07:11	in order to do load balancing out of the network.
0:07:14	Where GLBP is a Cisco proprietary protocol
0:07:17	again just like HSRP, but it extends the HSRP
0:07:21	functionality by decoupling the role of the person in charge
0:07:26	of the ARP responses
0:07:30	versus the person that actually forwards the traffic
0:07:32	based on the virtual Mac addresses.
0:07:36	Where in both HSRP and VRRP, we only have the
0:07:39	single roles of the active router or the master router
0:07:43	GLBP has two separate roles where these are called the
0:07:46	active virtual gateways and the active virtual forwarders.
0:07:52	The active virtual forwarders are the routers that have
0:07:54	the virtual Mac addresses assigned that actually
0:07:58	forward the packets out of the network.
0:08:01	The key is that we have this additional role
0:08:03	which is now the active virtual gateway
0:08:06	that is in charge of responding to the ARP requests from the
0:08:09	end hosts.
0:08:12	And the key point is that the active virtual gateway
0:08:15	is going to respond with the Mac address of the active
0:08:17	virtual forwarder.
0:08:20	So depending on how we have the load balancing
0:08:22	configured whether it's on a one to one basis
0:08:25	or whether it's based on a specific weighting value
0:08:28	that is going to control how many times the active virtual
0:08:32	gateway uses the Mac address of one host versus the other
0:08:36	in the ARP reply.
0:08:41	So just like other load balancing mechanisms, it's hard to get an
0:08:44	equal distribution where you would never have a traffic
0:08:47	flow that's exactly one to one or exactly two to one
0:08:51	with your weighting because we're not doing a packet level
0:08:54	load balancing or even a destination load balancing
0:08:58	we're doing this based on the ARP replies.
0:09:02	So depending on the underlying traffic pattern of the end hosts
0:09:07	we could get somewhere close to the weighting that we're
0:09:10	configuring, but it's never going to be an exact value.
0:09:13	So typically when you actually implement this, you would want
0:09:15	to do some sort of application monitoring like NetFlow or
0:09:20	SNMP monitoring to figure out what's the actual
0:09:24	result of the utilization based on load balancing, then you could
0:09:27	change the weighting around in order to get whatever
0:09:30	particular value that you want.
0:09:33	Now implementation wise, the key difference again is that we
0:09:37	have this decoupling of the active virtual gateway
0:09:40	from the active virtual forward.
0:09:42	The active virtual gateway is the one that is replying
0:09:46	to the ARP requests.
0:09:48	So there's going to be one gateway where all of the other
0:09:52	routers are going to be backing up the virtual gateway.
0:09:57	The active virtual gateway by default is going to be
0:09:59	the only active virtual forwarder unless we
0:10:03	configure the other routers to do load balancing.
0:10:07	So now let's take our next configuration here which was
0:10:10	the VRRP and we'll change this to match the GLBP config.
0:10:17	So on Router 4 let's show run interface Fast Ethernet 0/1
0:10:22	We'll say no vrrp 1
0:10:26	and we'll replace this with the glbp 1
0:10:31	The IP address is going to be the same 155.28.146.254
0:10:42	on Router 6 likewise
0:10:45	we'll say no vrrp 1
0:10:49	and set that to GLBP
0:10:54	If we now look at the show GLBP
0:10:57	as opposed to show standby or show HSRP
0:11:03	We should see once the routers go through their initial
0:11:06	convergence, we discover who is the active virtual gateway
0:11:11	and who are the active virtual forwarders.
0:11:17	Router 6 says that preemption is disabled.
0:11:24	The active router is Router 4
0:11:27	has a priority of 100
0:11:29	This is talking about the active virtual gateway.
0:11:34	So when we keep going a little bit further in this output
0:11:37	it says that there are two forwarders which consist
0:11:43	of this particular Mac address
0:11:47	which is Router 4
0:11:50	and the second Mac address F922
0:11:54	which is us locally is Router 6
0:11:59	then it says we changed to the listen state which means that
0:12:01	Router 4 is now active.
0:12:03	If we show glbp 1
0:12:08	or just show glbp
0:12:13	where again, this active status this is talking about the
0:12:16	active virtual gateway.
0:12:19	So technically, it doesn't even really matter who is the active
0:12:22	virtual gateway
0:12:23	as long as the active virtual forwarders are correct
0:12:26	which is the devices that are actually forwarding the
0:12:30	traffic onto the link.
0:12:32	Right now it says that forwarder 1 is active
0:12:35	where forwarder 2 is listen.
0:12:38	Again, we need then to do the correlation between
0:12:40	the Mac addresses and the actual IPs.
0:12:43	So the 9B address this is Router 4
0:12:48	that is the first forwarder.
0:12:50	This is active
0:12:54	where the second forwarder 22 that's Router 6's address
0:12:58	right now this is in the listen state.
0:13:02	So if we look at the result of this and go to switch 4
0:13:06	and do a trace route out to that same destination
0:13:10	we should see ultimately that the traffic is going to be
0:13:12	received by Router 4
0:13:15	Now what I may need to do here on the end host that's
0:13:19	doing the decision which essentially is Router 1
0:13:22	here when I look at the show arp, I need to make sure
0:13:26	that that old Mac address is flushed out of the
0:13:30	CAM table and out of the ARP cache.
0:13:34	So some of the potential convergence problems with
0:13:36	these first hop redundancy protocols are going to be the IP address to
0:13:40	Mac address mapping and then also the Mac address
0:13:43	in the CAM table.
0:13:45	So right now, traffic is being dropped basically
0:13:49	because Router 1 has the wrong ARP information.
0:13:53	If I tell it to clear out the ARP cache
0:13:57	I should see the .254 address is going to change
0:14:02	to now the Mac address that is specific to GLBP
0:14:07	It says 0007.b400.0101
0:14:10	Specifically if we correlate this with what Router 4 says
0:14:17	this 0101 is the Mac address of Router 4
0:14:22	as the active virtual forwarder.
0:14:28	So we really don't care about what is the Mac
0:14:30	address of the active virtual gateway because that
0:14:33	is not the device that's actually forwarding the packets.
0:14:35	The active virtual gateway is basically used just for
0:14:38	the control plane of this feature.
0:14:42	Now if we send packets out to the destination
0:14:46	it says that they're going out to Router 4
0:14:49	Now to test the actual load balancing here
0:14:52	what I'm going to do on Router 4 and Router 6
0:14:54	is on their inbound connections to this
0:14:58	VLAN 146, I'm going to configure an access list
0:15:01	that is going to account for our ICMP echoes
0:15:07	which means we're going to be using just basic pings
0:15:10	in order to test which of the exit points are we using.
0:15:14	So on Router 4 I'm going to configure a new access list
0:15:18	we'll say access list 111 permits icmp any any
0:15:23	access list 111 is then going to permit ip any any
0:15:28	and this is going to apply inbound on Fast Ethernet 0/1
0:15:34	ip access group 111 in
0:15:36	Router 6 will essentially do the same thing.
0:15:41	Then we can use the show access list output
0:15:45	to figure out which gateway is actually being used for
0:15:49	the forwarding.
0:15:51	ip access group 111 in
0:15:57	So now from the end hosts let's say on all the switches
0:16:01	switch 1 through switch 4, we'll do pings out to these
0:16:04	destinations, we'll say 112.0.0.1
0:16:07	and we'll send 10 packets.
0:16:10	We'll do this on each of the four switches.
0:16:15	So now when I look at my packet counters
0:16:19	there have been 40 packets total. On Router 4 let's look
0:16:23	at the show access list
0:16:28	Router 4 says that 40 packets came in.
0:16:30	So this essentially means that with the default configuration
0:16:35	we're not doing any load balancing.
0:16:39	So we do need to go the step further to configure
0:16:42	the active virtual gateway to tell it what is the weighting going to be
0:16:46	which is essentially how it responds to the ARP replies.
0:16:55	Again, specifically this is Router 4 who is elected the gateway.
0:16:59	So we'll say on this link for GLBP 1
0:17:03	I want to change the weighting
0:17:07	Let's say that my weighting value is 10
0:17:14	then we can change the different threshold values
0:17:19	this is going to determine whether it's actually being
0:17:21	used or not based on tracking.
0:17:23	So we can get into a more complex procedure with
0:17:26	tracking that if I have multiple outbound links
0:17:29	for my uplinks
0:17:31	let's say I have two GIG Ethernet links.
0:17:34	I could say that if both of them are up, I'm going to
0:17:37	have a weighting of 10, but if one of those -- one of them
0:17:40	goes down, maybe I'll reduce to a weighting of five.
0:17:43	If both of them are down I want to remove myself
0:17:47	from the active virtual forwarder election
0:17:49	because I don't have anywhere to get out to the rest of the network.
0:17:53	So now I have the weighting configured, I'm also going to
0:17:56	say that the specific load balancing is going to use
0:18:00	the weighting.
0:18:02	So load balance and proportion to the forwarder's
0:18:04	weighting where Router 4 is configured as ten
0:18:07	I'm going to configure Router 6 then as a weighting of five.
0:18:14	GLBP 1 the weighting is five.
0:18:21	So now on Router 4 if we look at the show glbp
0:18:25	it says that there are two forwarders still only one of
0:18:28	them is active.
0:18:32	So we need to see ultimately that Router 6 is going to become
0:18:36	an active forwarder
0:18:38	which typically what you would do with this configuration
0:18:42	is just make sure that they all have the same config.
0:18:46	So Router 6 would agree that they're going to do the load balancing
0:18:50	based on the weights
0:18:56	then if we show glbp
0:19:04	it says for forwarder 2 we are active.
0:19:11	So now let's try this with a different destination let's
0:19:13	ping 113.0.0.1
0:19:19	we'll do this on all four of the switches.
0:19:27	When we look at the result of the show access lists
0:19:36	Router 4 says I have a thousand matches
0:19:38	actually this counter's on let's say clear access list counters
0:19:48	on both of these clear access list counters
0:19:51	let's try these pings again.
0:19:59	Then we will show access list.
0:20:22	And what I actually should have said here for the
0:20:29	ACL I should have said icmp any any echo
0:20:32	because some of these matches are from other
0:20:34	icmp type codes that are forwarding on the link
0:20:39	which mainly are going to be redirects here.
0:20:42	So let's do this real quick let's say ip access list 111
0:20:50	or extended 111 no 10
0:20:54	10 says permit icmp any any echo
0:21:00	So we're replacing that line to be a little bit more specific.
0:21:04	Then I'll do the same thing on Router 6
0:21:06	ip access list extended 111
0:21:10	10 is changing just to echo
0:21:12	if we show access list
0:21:16	on both of them
0:21:32	we sent packets to the destination if we now look at the show access list
0:21:37	Router 4 received 25 of the packets
0:21:43	Router 6 didn't receive any
0:21:46	which means that Router 4's counter is just lagging here.
0:21:49	So this should essentially go up.
0:21:52	What this essentially means is that even though there's
0:21:56	multiple sources that are forwarding traffic onto the
0:21:58	link, keep in mind that the load balancing is based on the
0:22:02	ARP request and reply.
0:22:07	So with our particular design here who is doing the ARP request
0:22:11	for the virtual IP address.
0:22:16	It's not the actual originators of the traffic because I'm originating
0:22:19	the traffic from the
0:22:28	the different switches, so traffic is coming in here
0:22:30	it's coming also from switch 2
0:22:34	it's coming from switch 1
0:22:36	and it's coming from switch 3
0:22:39	When the traffic actually gets onto this VLAN 146 segment
0:22:44	the device that's controlling where it's going to forward to
0:22:47	is Router 1
0:22:49	because Router 1 has the ARP entry that goes
0:22:52	from the virtual address to the virtual Mac address.
0:22:59	So what I would need to do is actually clear
0:23:01	the ARP cache on Router 1
0:23:03	and look at what changes
0:23:08	if I change from one virtual gateway to another one.
0:23:13	So from Router 1 let's ping 114.0.0.1
0:23:19	clear the ARP cache and then do this again.
0:23:22	Eventually what I should see is that the Mac address
0:23:26	is changing from the .101 address
0:23:33	to the dot -- or actually the .0101
0:23:39	to .0102
0:23:47	One of these is going to represent Router 4
0:23:49	one of these is going to represent Router 6
0:23:53	So again, the load balancing is not going to be exact
0:23:55	regardless of what the weighting you configure is
0:23:59	because it's not a per destination load balancing
0:24:02	like CEF would be, it's a per ARP request
0:24:06	load balancing.
0:24:08	So this means if host one gets gateway one
0:24:13	and host two and three get gateway two
0:24:17	if host one is still sending the majority of the traffic flows
0:24:20	then the weighting is not going to be in a ratio of one to two.
0:24:25	So again, it's kind of a hack on the process, but it
0:24:29	it at least allows you to forward through both of them at the same time.
0:24:32	So if we compare the show access list output on Router 4
0:24:36	versus Router 6
0:24:38	we see at least now that Router 6 is getting some of the
0:24:40	hits, but in general, they would be in a ratio of more
0:24:46	traffic being sent to Router 4 versus Router 6
0:24:49	because we have the weighting set to be higher.
0:24:51	The vast majority of the other features are going to be
0:24:55	nearly identical between the protocols.
0:24:57	So if we say glbp 1
0:25:00	we can do authentication with both md5 and clear text.
0:25:05	If I wanted to change the timers, this is going to
0:25:09	affect the reconvergence directly on that segment.
0:25:14	If I want to change my
0:25:19	weighting let's say weighting we want to do tracking
0:25:23	then I'll track object number 10
0:25:25	If object number 10 is down, I'm going to decrement my
0:25:28	weighting value as opposed to my priority
0:25:33	because the priority is affecting the active virtual
0:25:36	gateway election, not the active virtual forwarder election.
0:25:42	If we wanted to change the particular forwarder options
0:25:45	we could say glbp 1 forwarder
0:25:50	then I want to take over the state for other lower
0:25:54	priority forwarders, so this would be the case where you
0:25:56	only want one virtual forwarder similar to HSRP or VRRP
0:26:02	and you don't want to do load balancing between
0:26:05	forwarders that have different weight values.
0:26:08	So with this third option GLBP, you can get very
0:26:10	granular with it, but when you look at the comparison
0:26:14	of the final result, so the affected differences is not
0:26:19	really that much. HSRP and VRRP are almost identical
0:26:23	where GLBP is adding this load balancing mechanism
0:26:26	by separating the active virtual gateway versus the
0:26:29	active virtual forwarder. Now within the scope of the
0:26:32	exam for these three first hop redundancy protocols
0:26:35	as long as you try this out a couple times, then you
0:26:38	know where this is located in the configuration guides
0:26:41	which again is going to be under the IP application services.
0:26:44	Then the first hop redundancy protocols.
0:26:47	If you look at either the configuration examples
0:26:51	or the command reference
0:26:53	like let's say here configuration example customizing GLBP
0:26:58	you should essentially be able to take this config
0:27:01	and essentially just change it around for whatever values
0:27:04	that are being asked in the question. So it's
0:27:06	more of an issue of a design choice
0:27:09	as to which of the three do you want to use.
0:27:11	If load balancing is needed, then you're going to have to use
0:27:14	GLBP. For VRRP and HSRP they're the same
0:27:18	with the difference behind the scenes being that
0:27:22	VRRP is the open standard and HSRP is Cisco proprietary.

Now Viewing

CCIE R&S Advanced Technologies Class v4.5
Title:	CCIE R&S Advanced Technologies Class v4.5
Duration:	81h 42m
The CCIE Routing & Switching Advanced Technologies Class is the first step in understanding CCIE level technologies and is a companion to the Advanced Technologies Lab Workbook. Each technology you need to know for the CCIE Routing & Switching lab will be described in detail using an instructor led hands on demonstration. The class consists of over 80 hours of in depth explanations and examples.
Get instant access to our entire library!
	Sign Up
Download this Course
$299.00	Add to Cart

VRRP, GLBP

Create Bookmark