Redundancy -- HSRP, VRRP AND GLBP

Answered Question
Jun 23rd, 2008
User Badges:
  • Bronze, 100 points or more

1.}A network with SVI configured for more that 16 vlans with host machines deriving their IP's from a dedicated windows DHCP server and each vlan's SVI ip address configured as the default gateway on the DHCP server. How will the hosts be aware of the virtual IP's used for redundancy if their current default gateway is their individual vlan svi ip address?


Correct Answer by Richard Burts about 8 years 10 months ago

Babatunde


My solution works essentially the same whether there is 1 subnet (1 vlan) or 16 vlans (16 subnets - just for 16 vlans you would do it 16 times).


to explain it I will borrow from the example provided by Jon. So we will start with vlan 10 with its original address (which would also be the address configured in DHCP for the default router)

int vlan 10

ip address 192.168.5.1 255.255.255.0


Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth


and then if you have another vlan you do the same steps for the other vlan

int vlan 11

ip address 192.168.11.1 255.255.255.0


Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 11

ip address 192.168.11.2 255.255.255.0

standby 11 ip 192.168.11.1

standby 11 pri 100

standby 11 preempt

standby 11 auth


And you can do these steps 16 times and will change 16 vlans.


HTH


Rick

Correct Answer by Richard Burts about 8 years 10 months ago

Babatunde


If I correctly understand some aspect of your situation not explained in your post, I believe that you are describing a situation in which the switch(es) were configured and the network implemented without having redundancy. Now you want to go back and implement redundancy and to minimize the impact of the change (make it as transparent as possible to users).


While I agree with Jon that the real solution is to have the default gateway defined in DHCP be the virtual address, I believe that there is a way to get to that which will minimize the impact to users. I have been through a similar conversion effort. What we did was to keep the same default gateway in DHCP. We changed the address on the SVI to a different address, and we configured the virtual address to be the previous SVI address. The result was redundancy achieved without anything in the user PC changing.


Another possible approach would be to set a very short lease in DHCP. Once the user PCs are going back to DHCP on a very frequent basis you can schedule a maintenance window for a time when the minimum number of users are on the network, make your changes to configure redundancy, and by the time that most users return to the network the PC will have a working default gateway that points to the virtual address.


HTH


Rick

Correct Answer by Jon Marshall about 8 years 10 months ago

You set the default-gateway in your DHCP scope to be the virtual IP address eg


switch1


int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth


switch 2


int vlan 10

ip address 192.168.5.3 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 110

standby 10 auth


You then set the default-gateway in your DHCP scope to be 192.168.5.1 ie. the Virtual IP.


Jon


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (6 ratings)
Loading.
Correct Answer
Jon Marshall Tue, 06/24/2008 - 03:01
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

You set the default-gateway in your DHCP scope to be the virtual IP address eg


switch1


int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth


switch 2


int vlan 10

ip address 192.168.5.3 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 110

standby 10 auth


You then set the default-gateway in your DHCP scope to be 192.168.5.1 ie. the Virtual IP.


Jon


Correct Answer
Richard Burts Tue, 06/24/2008 - 03:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Babatunde


If I correctly understand some aspect of your situation not explained in your post, I believe that you are describing a situation in which the switch(es) were configured and the network implemented without having redundancy. Now you want to go back and implement redundancy and to minimize the impact of the change (make it as transparent as possible to users).


While I agree with Jon that the real solution is to have the default gateway defined in DHCP be the virtual address, I believe that there is a way to get to that which will minimize the impact to users. I have been through a similar conversion effort. What we did was to keep the same default gateway in DHCP. We changed the address on the SVI to a different address, and we configured the virtual address to be the previous SVI address. The result was redundancy achieved without anything in the user PC changing.


Another possible approach would be to set a very short lease in DHCP. Once the user PCs are going back to DHCP on a very frequent basis you can schedule a maintenance window for a time when the minimum number of users are on the network, make your changes to configure redundancy, and by the time that most users return to the network the PC will have a working default gateway that points to the virtual address.


HTH


Rick

babatunde_sanda Tue, 06/24/2008 - 09:40
User Badges:
  • Bronze, 100 points or more

Thanks Jon for the hsrp config. I actually understand the configurations and how to implement them. Your suggestion which I figured was my solution is pretty straight forward. Looking more at the way Rick analyzed it. Rick this goes for you. Simply changing the default gateway for all my subnets to the virtual IP address and reconfiguring the DHCP renewal time scope will achieve the results as you acknowledged.


When you said "We changed the address on the SVI to a different address (the address must still be within the subnet, right?), and we configured the virtual address to be the previous SVI address" where you dealing with just a subnet? Because that's the way I picture that will work well. But with multiple subnets..... (Clarify please). The way I see it with what you said that means I have to have as many HSRP/VRRP/GLBP virtual IP address groups for that solution. As I said I may be wrong please clarify with the scenario you figured out but take note there is more than a subnet (16 vlans). You could just explain the scenario you experienced (mentioning the VLANs, SVI interfaces virtual IP address and how you made the host aware of the Virtual IP address) that might help my understanding.


Thanks in advance.




Correct Answer
Richard Burts Tue, 06/24/2008 - 10:05
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Babatunde


My solution works essentially the same whether there is 1 subnet (1 vlan) or 16 vlans (16 subnets - just for 16 vlans you would do it 16 times).


to explain it I will borrow from the example provided by Jon. So we will start with vlan 10 with its original address (which would also be the address configured in DHCP for the default router)

int vlan 10

ip address 192.168.5.1 255.255.255.0


Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 10

ip address 192.168.5.2 255.255.255.0

standby 10 ip 192.168.5.1

standby 10 pri 100

standby 10 preempt

standby 10 auth


and then if you have another vlan you do the same steps for the other vlan

int vlan 11

ip address 192.168.11.1 255.255.255.0


Then we will change the SVI address from .1 to .2 and will add the HSRP using .1 for the virtual address

int vlan 11

ip address 192.168.11.2 255.255.255.0

standby 11 ip 192.168.11.1

standby 11 pri 100

standby 11 preempt

standby 11 auth


And you can do these steps 16 times and will change 16 vlans.


HTH


Rick

babatunde_sanda Tue, 06/24/2008 - 10:06
User Badges:
  • Bronze, 100 points or more

You know what Rick, I carefully analysed your solution in my head now and pictured it right. That is another briliant solution. Thanks. In Jon's senario, I have to reconfigure the default gateway for each subnet to the virtual IP address in the DHCP server scopes but in your senario to use the same IP address, I just need to add the standby group, priority and what other configs I want to the existing SVI interfaces. right? Thanks.




Jon Marshall Tue, 06/24/2008 - 11:52
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Babatunde


The scenario i gave was just a generic answer to how to use HSRP on 2 switches.


However as Rick correctly interpreted you are also concerned with a migration. So in answer to your question yes Rick's solution means you do not need to update your DHCP scope nor change anything on the client.


Jon

Actions

This Discussion