High Availability requirement
Redundancy can be built at every layer: from one end system to the other, along the entire path between them, and at the data level through redundant storage media, and so on.
In this chapter we walk through the protocols used to build redundancy at the hardware or system level and in the data path, and the failover and failback mechanisms that these redundant systems provide.
We have already seen how Spanning Tree provides redundancy at Layer 2 with two links, keeping one of them in the blocking state to avoid loops. EtherChannel builds on this by bundling the two links into a single logical link of higher capacity, which avoids the Spanning Tree blocking scenario and makes the full bandwidth of the aggregated link available.
The overall network failover time is the combination of convergence at the Layer 2, Layer 3, and Layer 4 components.
• RSTP converges in about 1 second. RSTP permits sub-second convergence for minor failures when logical ports are under the watermarks, and can take 1 to 2 seconds for major failure conditions.
• EtherChannel can fail over in about 1 second. When a link fails, Cisco EtherChannel redirects traffic from the failed link to the remaining links in less than 1 second.
• The default HSRP timers are a 3-second hello and a 10-second hold time. You can configure a 1-second hello with a 3-second hold time, matching the VRRP default timers, so that convergence occurs in less than 3 seconds. Convergence can be tuned down to sub-second values, but the CPU load must be considered when doing so.
• Tuned routing protocols can fail over in less than one second. OSPF and EIGRP can both achieve sub-second convergence with the recommended timer configurations.
• Each TCP/IP stack built into the various operating systems has a different tolerance for deciding when a TCP session is dropped. The least tolerant are Windows Server and Windows-based clients, with an average tolerance of about 9 seconds. Other stacks, such as those in Linux, HP, and IBM systems, are more tolerant and wait longer before tearing down a TCP session.
First Hop Redundancy Protocols (FHRP)
The gateway, being the first hop, must always be available, which makes it a key part of any network redundancy design. Protocols such as HSRP, VRRP, and GLBP are available to build the required redundancy at the gateway or first hop. The choice of protocol depends on a number of factors: the load-balancing requirement, the gateway device type, and the number of groups required, which follows from the number of existing VLANs whose SVIs (Switched Virtual Interfaces) need redundancy.
How do we make Gateway independent of any Physical Devices?
By not tying the end system's gateway IP to a physical device: the gateway IP becomes a virtual address that can move to another active physical device when one fails. This is the concept of the VIP, or Virtual IP address, which is shared across two or more physical devices.
Both HSRP and VRRP enable two or more devices to work together in a group, sharing a single IP address, the virtual IP address. The virtual IP address is configured in each end user's workstation as a default gateway address and is cached in the host's Address Resolution Protocol (ARP) cache. An HSRP group has one active router, at least one standby router, and perhaps many listening routers. A VRRP group has one master router and one or more backup routers.
GLBP (Gateway Load Balancing Protocol) works a little differently from HSRP and VRRP: here a single VIP can be associated with the multiple MAC addresses of different Active Virtual Forwarders (AVFs), enabling much better load balancing. A master, the Active Virtual Gateway (AVG), controls all the AVFs and answers the ARP requests from clients.
HSRP (Hot Standby Router Protocol) version 1 – Layer 4 application (UDP based)
A Cisco proprietary protocol that puts routers or Layer 3 interfaces into an HSRP group.
An HSRP group can be assigned an arbitrary group number from 0 to 255.
HSRP sends hellos to the multicast destination 224.0.0.2 (all routers) using UDP port 1985.
One router is active (primary) and the other is standby; the HSRP configuration creates a pseudo (virtual) router that can move to any of the two or more physical routers.
By default HSRP does not provide load balancing, but HSRP load balancing can be achieved by configuring multiple groups …
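The hello packets just mentioned carry the group number, the advertised priority, the hello/hold timers and the VIP, so a decoder is a useful audit tool when checking what the routers on a segment are actually advertising. The following Python is an added example, not code from this chapter or from Cisco: it decodes the HSRPv1 layout from RFC 2281 (version, opcode, state, hellotime, holdtime, priority, group, reserved, 8 bytes of authentication data, 4-byte virtual IP) and flags hold timers that leave no margin under the 9-second Windows TCP tolerance quoted earlier. The packets it decodes are constructed locally; `build_hsrp_v1`, `audit_hello` and the 9-second default are assumptions of the example.

```python
import struct
from ipaddress import IPv4Address

# Added example, not from the chapter: decode HSRPv1 hellos (UDP 1985 to 224.0.0.2,
# RFC 2281 layout) and audit their timers against the TCP tolerance discussed above.
# The packets below are constructed locally; no capture is required.

HSRP_MCAST_DST = "224.0.0.2"
HSRP_UDP_PORT = 1985

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}

# HSRPv1: version, opcode, state, hellotime, holdtime, priority, group, reserved,
# 8 bytes authentication data, 4 bytes virtual IP address (20 bytes in total)
HSRP_V1_FMT = "!8B8s4s"
HSRP_V1_LEN = struct.calcsize(HSRP_V1_FMT)   # 20


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode the UDP payload of one HSRPv1 packet into a dictionary."""
    if len(payload) < HSRP_V1_LEN:
        raise ValueError(f"payload too short for HSRPv1: {len(payload)} < {HSRP_V1_LEN}")
    (version, opcode, state, hello, hold, prio, group, _reserved,
     auth, vip) = struct.unpack(HSRP_V1_FMT, payload[:HSRP_V1_LEN])
    if version != 0:
        raise ValueError(f"not HSRPv1: version field is {version}")
    return {
        "opcode": OPCODES.get(opcode, f"Unknown({opcode})"),
        "state": STATES.get(state, f"Unknown({state})"),
        "hellotime": hello,
        "holdtime": hold,
        "priority": prio,
        "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", errors="replace"),
        "virtual_ip": str(IPv4Address(vip)),
    }


def build_hsrp_v1(opcode: int, state: int, hello: int, hold: int, priority: int,
                  group: int, vip: str, auth: bytes = b"cisco") -> bytes:
    """Build a constructed HSRPv1 packet for local testing (the inverse of parse_hsrp_v1)."""
    return struct.pack(HSRP_V1_FMT, 0, opcode, state, hello, hold, priority, group, 0,
                       auth.ljust(8, b"\x00"), IPv4Address(vip).packed)


def audit_hello(pkt: dict, tcp_tolerance_s: int = 9) -> list:
    """Return findings about a decoded packet. tcp_tolerance_s defaults to the ~9 s
    Windows TCP/IP stack tolerance quoted in the chapter (an assumption for this check)."""
    findings = []
    if pkt["opcode"] != "Hello":
        findings.append(f"{pkt['opcode']} packet: a router is changing state in group {pkt['group']}")
    if pkt["holdtime"] <= pkt["hellotime"]:
        findings.append("holdtime must be greater than hellotime")
    # the standby declares the active dead only after holdtime, so that is the
    # failover detection time a client's TCP session has to survive
    if pkt["holdtime"] >= tcp_tolerance_s:
        findings.append(f"holdtime {pkt['holdtime']}s gives no margin under a "
                        f"{tcp_tolerance_s}s TCP tolerance; tune hello/hold (e.g. 1/3)")
    return findings


if __name__ == "__main__":
    for label, raw in [
        ("default timers", build_hsrp_v1(0, 16, 3, 10, 170, 1, "10.10.1.1")),
        ("tuned timers", build_hsrp_v1(0, 16, 1, 3, 170, 1, "10.10.1.1")),
    ]:
        decoded = parse_hsrp_v1(raw)
        print(label, decoded, audit_hello(decoded) or "ok")
```

Run stand-alone, the default-timer hello (3 s hello, 10 s hold) is reported as leaving no margin under a 9-second tolerance, while the tuned 1 s / 3 s hello passes cleanly; feeding real UDP payloads captured from port 1985 into `parse_hsrp_v1` works the same way.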
HSRP router election is based on the priority value, from 0 to 255, configured on each router in the group. The default HSRP priority is 100.
The router with the highest priority becomes the active router for the group.
If all routers have equal (or default) priority, the router with the highest IP address becomes active for the HSRP group.
The command "standby 1 ip 10.10.1.1" enables HSRP: 1 is the group number and 10.10.1.1 is the VIP for the group, common to DST1 and DST2. This is the client gateway address for VLAN 10 that the DHCP server will hand out.
To make DST1 active and DST2 standby, a higher priority value of 170 is configured on DST1.
Preempt
If DST1 fails, DST2 takes over after three missed hellos, once the 10-second (default) hold timer expires. For DST1 to fall back to active after it recovers, the "preempt" command must be configured; otherwise DST2 stays active even after DST1 recovers from the failure.
Track objects for tracking critical interfaces and failing over HSRP
Layer 2 and Layer 3 tracking is enabled, and a decrement value is tied to each track so that the priority falls below the default when a tracked interface fails and failover occurs.
Track object configuration
track 1 interface FastEthernet1/3 ip routing
track 2 interface FastEthernet1/3 line-protocol
track 3 interface FastEthernet1/4 line-protocol
track 4 interface FastEthernet1/4 ip routing
Note: Testing of the failover will be done in the redundancy testing section later in this module.
FHRP advanced tracking with IP SLA
Dependence on the enterprise network for both internal and external communication is increasing day by day, and with it network bandwidth consumption is rising exponentially. With this increased dependency it is very important to assure service-level availability.
Cisco IP SLA is a Cisco technology that actively monitors traffic to measure network performance, measuring critical parameters of traffic passing through Cisco IOS software devices and other network application servers.
IP SLA can be used for SLA monitoring, performance monitoring, and network availability monitoring.
In the current scenario we use it for availability monitoring. DST1 and DST2 are already configured with track objects to track their respective uplinks to RT21 and RT22.
But what if the RT21 WAN link can no longer route packets? Interface tracking alone does not detect this, because the uplink to RT21 is still up, so we use IP SLA to monitor whether the WAN link is actually able to route packets.
DST1 and DST2 will be configured to monitor the remote-end WAN link IP address on the Provider Edge router and fail over automatically.
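To tie the election, preempt and interface-tracking behaviour of the previous sections together with the IP SLA reachability track described here, the following Python model is an added example, not the chapter's or Cisco's code. It models DST1 (priority 170) and DST2 (default 100) in group 1 with VIP 10.10.1.1 and the tuned 1 s / 3 s timers, applies tracking decrements to the effective priority, and walks through an uplink failure, an IP SLA failure and a full DST1 outage, with and without preempt on DST1. The interface IPs 10.10.1.2/.3, the track names, the decrement values (40 per interface track, 80 for the IP SLA track) and the class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

# Added example, not from the chapter: a model of HSRP election, preempt and object
# tracking on DST1/DST2. Interface IPs, track names, decrement values and the IP SLA
# track are assumptions chosen for illustration, not the lab's configuration.

@dataclass
class HsrpRouter:
    name: str
    ip: str                    # interface IP: the tie-breaker when priorities are equal
    base_priority: int = 100   # HSRP default priority
    preempt: bool = False      # "standby <group> preempt"
    alive: bool = True         # False models a complete router outage
    tracks: dict = field(default_factory=dict)  # track name -> decrement while it is down

    def priority(self, track_state: dict) -> int:
        """Effective priority after "standby <group> track <n> decrement <d>" is applied."""
        p = self.base_priority
        for track, decrement in self.tracks.items():
            if not track_state.get(track, True):
                p -= decrement
        return max(p, 0)

class HsrpGroup:
    def __init__(self, group: int, vip: str, hello: int = 3, hold: int = 10):
        self.group, self.vip, self.hello, self.hold = group, vip, hello, hold
        self.track_state = {}           # track name -> True while the tracked object is up
        self.routers, self.active = [], None
        self.last_failover_seconds = 0  # worst-case detection time of the last takeover

    def add_router(self, router: HsrpRouter) -> str:
        self.routers.append(router)
        for track in router.tracks:
            self.track_state.setdefault(track, True)
        return self.converge()

    def set_track(self, name: str, up: bool) -> str:
        self.track_state[name] = up
        return self.converge()

    def set_alive(self, router_name: str, alive: bool) -> str:
        next(r for r in self.routers if r.name == router_name).alive = alive
        return self.converge()

    def _rank(self, r: HsrpRouter):
        # RFC 2281 ordering: larger priority wins, larger interface IP on a tie
        return (r.priority(self.track_state), int(IPv4Address(r.ip)))

    def _best_candidate(self):
        candidates = [r for r in self.routers if r.alive]
        return max(candidates, key=self._rank) if candidates else None

    def converge(self) -> str:
        """Re-run the election after an event and return the active router's name."""
        best = self._best_candidate()
        if self.active is None or not self.active.alive:
            # first election, or the active stopped sending hellos: the standby declares
            # it dead only when the hold timer expires
            self.last_failover_seconds = self.hold if self.active is not None else 0
            self.active = best
        elif (best is not None and best is not self.active and best.preempt
              and self._rank(best) > self._rank(self.active)):
            # active still up but outranked: only a router configured with preempt takes
            # over, so a tracking decrement alone never moves the VIP
            self.last_failover_seconds, self.active = 0, best
        return self.active.name if self.active else None

def build_vlan10_group(dst1_preempt: bool = True) -> HsrpGroup:
    """VLAN 10 group with the tuned 1 s hello / 3 s hold timers from the chapter."""
    group = HsrpGroup(group=1, vip="10.10.1.1", hello=1, hold=3)
    group.add_router(HsrpRouter("DST1", "10.10.1.2", base_priority=170, preempt=dst1_preempt,
                                tracks={"t1_fa1/3_routing": 40, "t2_fa1/3_lineproto": 40,
                                        "t3_fa1/4_lineproto": 40, "t4_fa1/4_routing": 40,
                                        "dst1_sla_pe_wan": 80}))   # assumed decrements
    group.add_router(HsrpRouter("DST2", "10.10.1.3", base_priority=100, preempt=True,
                                tracks={"dst2_sla_pe_wan": 80}))
    return group

def run_failover_scenario(dst1_preempt: bool = True) -> list:
    """Walk the group through uplink, IP SLA and router failures; returns (event, active) pairs."""
    g = build_vlan10_group(dst1_preempt)
    log = [("initial election", g.converge())]
    log.append(("DST1 Fa1/3 ip routing lost: 170-40 = 130, still above DST2",
                g.set_track("t1_fa1/3_routing", False)))
    log.append(("DST1 Fa1/3 line protocol down too: 170-80 = 90 < 100",
                g.set_track("t2_fa1/3_lineproto", False)))
    g.set_track("t1_fa1/3_routing", True)
    log.append(("DST1 Fa1/3 restored", g.set_track("t2_fa1/3_lineproto", True)))
    log.append(("DST1 IP SLA to the PE WAN address fails: 170-80 = 90",
                g.set_track("dst1_sla_pe_wan", False)))
    log.append(("DST1 IP SLA recovers", g.set_track("dst1_sla_pe_wan", True)))
    log.append(("DST1 outage, detected after the hold timer", g.set_alive("DST1", False)))
    log.append(("DST1 back online", g.set_alive("DST1", True)))
    return log

if __name__ == "__main__":
    for preempt in (True, False):
        print(f"--- DST1 preempt={preempt} ---")
        for event, active in run_failover_scenario(preempt):
            print(f"{event:58s} -> active {active}")
```

Two points the run makes visible: a single tracked failure (170 - 40 = 130) does not move the VIP, so the decrements must be sized to push the priority below the standby's 100 when the interface or the IP SLA probe fails; and a tracking decrement only causes a failover because DST2 has preempt, while without preempt on DST1 the VIP stays on DST2 after every recovery.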