Gateway Load Balancing Protocol (GLBP)

Why we need First Hop Gateway Redundancy?

LAN users are configured with Default-Gateway IP address, which is the IP of their Local router, which acts as a Proxy, and helps them communicate with remote/distant users. LAN users resolve the MAC address of Gateway router using the Proxy ARP method.

If the gateway router fails, the LAN users would be affected. This means that Specifying a default gateway for LAN Users leads to a single point of failure.

Instead of making the LAN users responsible for choosing a new gateway, First Hop Redundancy protocols enable two or more routers to support a shared MAC address (virtual) and advertise to ARP queries of LAN users. If the primary router fails, the backup router assumes control of traffic forwarded to that MAC.

Below are the protocols that provide First Hop Gateway redundancy to users:
  • HSRP (Hot Standby Router Protocol)
  • VRRP (Virtual Router Redundancy Protocol)
  • GLBP (Gateway Load Balancing Protocol)

This article explains - How GLBP works? 

Difference between HSRP/VRRP and GLBP

In HSRP and VRRP only Primary Gateway Router forwards the traffic towards the WAN link. The Backup routers only actively forward the traffic when the Primary router fails.

Although we have a way to use both the gateways to forward the traffic using different groups this is a workaround and requires manual configuration.

GLBP  has an advantage over HSRP and VRRP as it enables up to 4 gateway routers to be used simultaneously for sending traffic over WAN links by maximizing and efficient use of bandwidth by load-balancing the traffic over multiple WAN links.


GLBP Useful Points:

  • GLBP is a Cisco-proprietary protocol developed to provide redundancy to LAN Users at the Network layer.
  • Using GLBP, the gateway routers or Multi-Layer switches(MLS) are configured to behave as Multiple gateways (with single Virtual IP and different Virtual MAC addresses) to the LAN users.
  • GLBP works on top of UDP (port 3222) i.e. at the Application layer.
  • GLBP gateways/routers/Multi-layer Switches send hello messages on  Multicast address 224.0.0.102.
  • The gateways routers/MLS for a given gateway address (Virtual IP) are made the member of a common GLBP Group
  • LAN users are configured with the Virtual IP (also called Phantom IP) of the Gateway running HSRP.
  •  The router with the highest priority value, or the highest IP address (if Priority is a tie) in the group becomes Active Virtual Gateway (AVG). The AVG answers all ARP requests for the virtual router address from the users. It depends on the load-balancing algorithm based on which MAC address is returned to ARP queries.
  • One task of AVG is to assign the necessary virtual MAC addresses to each of the routers participating in the GLBP group. Up to four virtual MAC addresses can be used in any group. Each of these routers is referred to as an Active Virtual Forwarder (AVF), forwarding traffic received on its virtual MAC address. Other routers in the group serve as backup or secondary virtual forwarders, in case the AVF fails. The AVG also assigns secondary roles.
  • GLBP group numbers range from 0 to 1023. It means you can use groups up to a maximum of 1024 per physical interface. 
  • The router priority can be 1 to 255 (255 is highest), and 100 is the default value.
  • Like HSRP, preemption is not enabled by default in GLBP. We have to manually enable preemption.
  • The load sharing is done in one of three ways:

    1. Weighted: Traffic is balanced proportional to a configured weight.
    2. Host-dependent: A given host always uses the same router.
    3. Round-robin: Each router MAC is used to respond to ARP requests in turn. It is the default mechanism.

 Sample Lab and Commands

R1 is Active AVG (Priority 120) and R2 is Standby AVG router (Priority 110). If R1 fails, R2 will take the role of AVG.
Also, R1, R2, R3 will also act as AVFs to forward the traffic to remote WAN router R7(7.7.7.7).
 

R1#sh run int f0/0
interface FastEthernet0/0
 ip address 10.10.123.11 255.255.255.0
 ip ospf 10 area 0
 glbp 20 ip 10.10.123.1               
 glbp 20 priority 120                  
 glbp 20 preempt delay minimum 20
 glbp 20 authentication md5 key-string cisco
 glbp 20 weighting track 10 decrement 30    >>>> Will decrement weight based on Track status.
end

The AVFs will show in Listen state.

 R1#sh glbp
FastEthernet0/0 - Group 20
  State is Active
    2 state changes, last state change 00:37:19
  Virtual IP address is 10.10.123.1
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.308 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Authentication MD5, key-string "cisco"
  Preemption enabled, min delay 20 sec
  Active is local
  Standby is 10.10.123.12, priority 110 (expires in 7.536 sec)  >>>> Standby AVG

  Priority 120 (configured)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
    Track object 10 state Up decrement 30
  Load balancing: round-robin                                >>>>>> Load balancing Method
  Group members:
     c20a.29bc.0000 (10.10.123.11) local                     >>>>>>> R1's HW MAC
     c20b.2a14.0000 (10.10.123.12) authenticated       >>>>>>> R2's HW MAC
     c20c.09d8.0000 (10.10.123.13) authenticated       >>>>>>> R3's HW MAC
  There are 3 forwarders (1 active)
 Forwarder 1
    State is Listen

    4 state changes, last state change 00:05:19
    MAC address is 0007.b400.1401 (learnt)           >>>>>> Virtual MAC
    Owner ID is c20c.09d8.0000
    Redirection enabled, 597.376 sec remaining (maximum 600 sec)
    Time to live: 14397.376 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.10.123.13 (primary), weighting 100 (expires in 7.372 sec)
    Client selection count: 4
  Forwarder 2
    State is Listen

    4 state changes, last state change 00:18:04
    MAC address is 0007.b400.1402 (learnt)        >>>>>> Virtual MAC
    Owner ID is c20b.2a14.0000
    Redirection enabled, 599.268 sec remaining (maximum 600 sec)
    Time to live: 14399.264 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.10.123.12 (primary), weighting 100 (expires in 9.260 sec)
    Client selection count: 4
  Forwarder 3
    State is Active   

    1 state change, last state change 00:50:11
    MAC address is 0007.b400.1403 (default)     >>>>>> Virtual MAC
    Owner ID is c20a.29bc.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
    Client selection count: 4

R1#  sh glbp brief
Interface   Grp  Fwd    Pri           State       Address                Active router    Standby router
Fa0/0        20        -      120           Active   10.10.123.1            local                 10.10.123.12
Fa0/0        20       1        -              Listen    0007.b400.1401    10.10.123.13        -
Fa0/0        20       2        -              Listen    0007.b400.1402    10.10.123.12        -
Fa0/0        20       3        -              Active   0007.b400.1403      local                    -

R2#sh glbp brief
Interface   Grp  Fwd    Pri         State          Address                Active router     Standby router
Fa0/0        20      -        110      Standby      10.10.123.1           10.10.123.11      local
Fa0/0        20      1         -          Listen        0007.b400.1401    10.10.123.13         -
Fa0/0        20      2         -          Active        0007.b400.1402      local                   -
Fa0/0        20      3         -          Listen        0007.b400.1403     10.10.123.11        -

R3#sh glbp brief
Interface   Grp  Fwd   Pri         State         Address               Active router     Standby router
Fa0/0         20    -       100         Listen      10.10.123.1            10.10.123.11    10.10.123.12
Fa0/0         20    1         -           Active      0007.b400.1401     local                       -
Fa0/0         20    2         -           Listen      0007.b400.1402     10.10.123.12         -
Fa0/0         20    3         -           Listen      0007.b400.1403     10.10.123.11         -


The Switch forwards the traffic(towards WAN) to R1, R2, R3 based on different Virtual MAC addresses learned via different interfaces.

Switch#sh mac vlan 1
Destination Address  Address Type   VLAN   Destination Port
-------------------  ------------  ----  -----------------------------------
c206.27f0.0000             Self                      1           Vlan1
ca08.0ad8.0000             Dynamic             1          FastEthernet1/5
ca04.16b0.0000             Dynamic             1          FastEthernet1/0
ca05.2a88.0000             Dynamic             1          FastEthernet1/1
0007.b400.1401          Dynamic           1         FastEthernet1/4
0007.b400.1402          Dynamic           1         FastEthernet1/3
0007.b400.1403          Dynamic           1         FastEthernet1/2

c20a.29bc.0000             Dynamic              1         FastEthernet1/2
c20b.2a14.0000             Dynamic             1          FastEthernet1/3
c20c.09d8.0000             Dynamic             1          FastEthernet1/4


Traffic forwarded by all three AVFs (R1, R2, and R3) on their WAN links :

R1#sh int f0/1 | i rate
  Queueing strategy: fifo
  5 minute input rate 52000 bits/sec, 8 packets/sec
  5 minute output rate 53000 bits/sec, 8 packets/sec

R2#sh int s0/0 | i rate
  Queueing strategy: weighted fair
  5 minute input rate 109000 bits/sec, 16 packets/sec
  5 minute output rate 106000 bits/sec, 15 packets/sec

R3#sh int s0/0 | i rate
  Queueing strategy: weighted fair
  5 minute input rate 148000 bits/sec, 16 packets/sec
  5 minute output rate 147000 bits/sec, 15 packets/sec


All hosts are learning different virtual MAC for same Gateway IP (10.10.123.1) 

Host4#sh arp
Protocol  Address             Age (min)  Hardware Addr   Type     Interface
Internet  10.10.123.1            38        0007.b400.1401    ARPA   FastEthernet0/0
Internet  10.10.123.4             -          ca04.16b0.0000    ARPA   FastEthernet0/0

Host5#sh arp
Protocol  Address              Age (min)  Hardware Addr   Type     Interface
Internet  10.10.123.1            40           0007.b400.1402  ARPA   FastEthernet0/0
Internet  10.10.123.5             -             ca05.2a88.0000  ARPA    FastEthernet0/0

Host6#sh arp
Protocol  Address              Age (min)  Hardware Addr   Type    Interface
Internet  10.10.123.1            41         0007.b400.1403   ARPA    FastEthernet0/0
Internet  10.10.123.6             -           a08.0ad8.0000     ARPA    FastEthernet0/0


Some more commands:

R1(config-if)# glbp group load-balancing [round-robin | weighted | host-dependent]

R1(config-if)# glbp group weighting maximum [lower lower] [upper upper]

The maximum weight can range from 1 to 254 (default 100). The upper (default maximum) and
lower (default 1) thresholds define when the router can and cannot be the AVF, respectively.


Hello and hold (or dead) timers can be configured for each interface with the command:

R1(config-if)# glbp group-number timers [msec] hello-time [msec] hold-time.

Values are in seconds unless the msec keyword is used.